
BlackBerry Enterprise Server

Version: 5.0 | Service Pack: 1

Policy Reference Guide

SWDT323212-832026-1204092649-001

Contents
1 IT policy rules
  Using IT policy rules on other devices
  Preconfigured IT policies
  New IT policy rules in this release

2 Descriptions of IT policy rules
  Desktop Only items
    Auto Backup Enabled IT policy rule
    Auto Backup Exclude Messages IT policy rule
    Auto Backup Exclude Synchronization IT policy rule
    Auto Backup Frequency IT policy rule
    Auto Backup Include All IT policy rule
    Disable Wireless Calendar IT policy rule
    Do Not Save Sent Messages IT policy rule
    Force Load Count IT policy rule
    Force Load Message IT policy rule
    Forward Messages In Cradle IT policy rule
    Message Conflict Mailbox Wins IT policy rule
    Message Prompt IT policy rule
    Show Application Loader IT policy rule
    Show Web Link IT policy rule
    Synchronize Messages Instead Of Importing IT policy rule
    Web Link Label IT policy rule
    Web Link URL IT policy rule
  Device Only Items
    Allow BCC Recipients IT policy rule
    Allow Peer-to-Peer Messages IT policy rule
    Allow SMS IT policy rule
    Default Browser Config UID IT policy rule
    Enable Long-Term Timeout IT policy rule
    Enable WAP Config IT policy rule
    Home Page Address IT policy rule
    Home Page Address Is Read-Only IT policy rule
    Maximum Password Age IT policy rule

    Maximum Security Timeout IT policy rule
    Minimum Password Length IT policy rule
    Password Pattern Checks IT policy rule
    Password Required IT policy rule
    User Can Change Timeout IT policy rule
    User Can Disable Password IT policy rule
  Global items
    Allow Browser IT policy rule
    Allow Phone IT policy rule
    Auto Signature IT policy rule
  Application Center policy group
    Disable Application Center IT policy rule
    Disable Carrier Directory IT policy rule
  BlackBerry Messenger policy group
    Disable BlackBerry Messenger IT policy rule
    Disable Check for Updates IT policy rule
    Disable Location Requests, Responses, and Proximity Alerts IT policy rule
    Disable Server Based Contact List Synchronization IT policy rule
    Disallow External Email Address for Server Registration IT policy rule
    Disallow Forwarding of Contacts IT policy rule
    Disallow Setting a Subject on Conversations IT policy rule
    Enforce Security Question in BlackBerry Messenger Invitation IT policy rule
    Messenger Audit Email Address IT policy rule
    Messenger Audit Max Report Interval IT policy rule
    Messenger Audit Report Interval IT policy rule
    Messenger Audit UID IT policy rule
  BlackBerry Smart Card Reader policy group
    Disable Auto Reconnect To BlackBerry Smart Card Reader IT policy rule
    Force Erase All Keys on BlackBerry Disconnected Timeout IT policy rule
    Force Erase Key on PC Standby IT policy rule
    Maximum BlackBerry Bluetooth Traffic Inactivity Timeout IT policy rule
    Maximum BlackBerry Disconnected Timeout IT policy rule
    Maximum BlackBerry Long Term Timeout IT policy rule
    Maximum Bluetooth Encryption Key Regeneration Period IT policy rule
    Maximum Bluetooth Range IT policy rule


    Maximum Connection Heartbeat Period IT policy rule
    Maximum Number of BlackBerry Transactions IT policy rule
    Maximum Number of PC Pairings IT policy rule
    Maximum Number of PC Transactions IT policy rule
    Maximum PC Bluetooth Traffic Inactivity Timeout IT policy rule
    Maximum PC Disconnected Timeout IT policy rule
    Maximum PC Long Term Timeout IT policy rule
    Maximum Smart Card Not Present Timeout IT policy rule
    Minimum PIN Entry Mode IT policy rule
  BlackBerry Unite! policy group
    Disable Download Manager IT policy rule
    Disable Unite! Applications IT policy rule
  Bluetooth policy group
    Allow Outgoing Calls IT policy rule
    Disable Address Book Transfer IT policy rule
    Disable Advanced Audio Distribution Profile IT policy rule
    Disable Audio/Video Remote Control Profile IT policy rule
    Disable Bluetooth IT policy rule
    Disable Desktop Connectivity IT policy rule
    Disable Dial-Up Networking IT policy rule
    Disable Discoverable Mode IT policy rule
    Disable File Transfer IT policy rule
    Disable Handsfree Profile IT policy rule
    Disable Headset Profile IT policy rule
    Disable Pairing IT policy rule
    Disable Serial Port Profile IT policy rule
    Disable SIM Access Profile IT policy rule
    Disable Wireless Bypass IT policy rule
    Force CHAP Authentication on Bluetooth Link IT policy rule
    Limit Discoverable Time IT policy rule
    Minimum Encryption Key Length IT policy rule
    Require Encryption IT policy rule
    Require LED Connection Indicator IT policy rule
    Require Password for Discoverable Mode IT policy rule
    Require Password for Enabling Bluetooth Support IT policy rule


  Browser policy group
    Allow Application Download Services IT policy rule
    Allow Hotspot Browser IT policy rule
    Allow IBS Browser IT policy rule
    Disable Auto Synchronization in Browser IT policy rule
    Disable JavaScript in Browser IT policy rule
    Download Images URL IT policy rule
    Download Themes URL IT policy rule
    Download Tunes URL IT policy rule
    MDS Browser BSM Enabled IT policy rule
    MDS Browser Domains IT policy rule
    MDS Browser HTML Tables Enabled IT policy rule
    MDS Browser JavaScript Enabled IT policy rule
    MDS Browser Style Sheets Enabled IT policy rule
    MDS Browser Title IT policy rule
    MDS Browser Use Separate Icon IT policy rule
  Camera policy group
    Disable Photo Camera IT policy rule
    Disable Video Camera IT policy rule
  Certification Authority Profile policy group
    Allow Private Key Export IT policy rule
    Certificate Enrollment Delay IT policy rule
    Certificate Expiry Window IT policy rule
    Certification Authority Host IT policy rule
    Certificate Authority Port IT policy rule
    Certification Authority Profile Name IT policy rule
    Certification Authority Profile Required IT policy rule
    Certification Authority Type IT policy rule
    Common Name Components IT policy rule
    Custom Microsoft Certification Authority Certificate Template IT policy rule
    Distinguished Name Components IT policy rule
    Key Algorithm IT policy rule
    Key Length IT policy rule
    Microsoft Certification Authority Certificate Template IT policy rule
    RSA Certification Authority Certificate ID IT policy rule


    RSA Jurisdiction ID IT policy rule
  Certificate Synchronization policy group
    Random Source URL IT policy rule
    User Can Disable Automatic RNG Initialization IT policy rule
  Common policy group
    BlackBerry Server version IT policy rule
    Confirm On Send IT policy rule
    Disable Kodiak PTT IT policy rule
    Disable MMS IT policy rule
    Disable Voice-Activated Dialing IT policy rule
    Disable Voice Note Recording IT policy rule
    Enable Simultaneous Phone and Data IT policy rule
    IT Policy Notification IT policy rule
    Lock Owner Info IT policy rule
    Set Owner Info IT policy rule
    Set Owner Name IT policy rule
  Date and Time IT policy group
    Automatic Time Zone Change Detection IT policy rule
    Enable Time Zone Definitions Update IT policy rule
    Periodic Time Synchronization IT policy rule
    Time Zone Definitions Automatic Update Interval IT policy rule
    Time Zone Definitions Update Server IT policy rule
  Desktop policy group
    Allow BlackBerry Desktop Software Statistics IT policy rule
    Allow External Device Software Servers IT policy rule
    Allow Personal Folder Reconciliation IT policy rule
    Desktop Allow Desktop Add-ins IT policy rule
    Desktop Allow Device Switch IT policy rule
    Desktop Password Cache Timeout IT policy rule
    Disable Check For Updates Link IT policy rule
    Disable Media Manager IT policy rule
    Disable Media Synchronization IT policy rule
    Generate Encrypted Backup Files IT policy rule
    Override Check For Updates URL IT policy rule
  Device IOT Application policy group


    Device Diagnostic App Disable IT policy rule
    Set Diagnostic Report Email Address IT policy rule
    Set Diagnostic Report PIN Address IT policy rule
  Documents To Go policy group
    Disable Documents To Go IT policy rule
    Hide Documents To Go Communication Menus IT policy rule
    Hide Documents To Go Premium Feature Menus IT policy rule
  Email Messaging policy group
    Allow Auto Attachment Download IT policy rule
    Attachment Viewing IT policy rule
    Confirm External Image Download IT policy rule
    Disable Form Submission IT policy rule
    Disable Manual Download of External Images IT policy rule
    Disable Notes Native Encryption Forward And Reply IT policy rule
    Disable Rich Content Email IT policy rule
    Enable Wireless Message Reconciliation IT policy rule
    Inline Content Requests IT policy rule
    Keep Message Duration IT policy rule
    Keep Saved Message Duration IT policy rule
    Maximum Native Attachment MFH attachment size IT policy rule
    Maximum Native Attachment MFH total attachment size IT policy rule
    Maximum Native Attachment MTH attachment size IT policy rule
    Notes Native Encryption Password Timeout IT policy rule
    Prepend Disclaimer IT policy rule
    Require Notes Native Encryption For Outgoing Messages IT policy rule
  Enterprise Voice Client policy group
    Disable DTMF Fallback IT policy rule
    Disable Enterprise Voice Client IT policy rule
    Lock Outgoing Line IT policy rules
    Reject Non-Enterprise Voice Calls IT policy rule
  External Display policy group
    Display Notification Details IT policy rule
    Include Message Text in Notification Details IT policy rule
  Firewall policy group
    Restrict Incoming Cellular Calls IT policy rule


  Restrict Outgoing Cellular Calls IT policy rule
Instant Messaging policy group
  Disable Address Book Lookup for Enterprise Messenger IT policy rule
  Disable Automatic Login IT policy rule
  Disable Broadcast Messages IT policy rule
  Disable Emailing Conversation IT policy rule
  Disable Emoticons IT policy rule
  Disable Offline Messaging for Enterprise Messenger IT policy rule
  Disable Saving Conversation IT policy rule
  Disallow File Transfer Types IT policy rule
  Maximum File Transfer Size (MB) IT policy rule
Location Based Services policy group
  Allow Geolocation Service IT policy rule
  Disable BlackBerry Maps IT policy rule
  Enable Enterprise Location Tracking IT policy rule
  Enterprise Location Tracking Interval IT policy rule
  Enterprise Location Tracking User Prompt Message IT policy rule
MDS Integration Service policy group
  Allow Access to Multiple Domains IT policy rule
  Allow Discovery By User IT policy rule
  Disable Activation With Public BlackBerry MDS Integration Service IT policy rule
  Disable MDS Runtime IT policy rule
  Disable User-Initiated Activation With Public BlackBerry MDS Integration Service IT policy rule
  Enable Access to Device Data for MDS Runtime 4.3.0 and earlier IT policy rule
  Lowest BlackBerry MDS Integration Service Security Version Allowed IT policy rule
  Queue Limit for Inbound Application Messages IT policy rule
  Queue Limit for Outbound Application Messages IT policy rule
  Verify BlackBerry MDS Integration Service Certificate IT policy rule
Memory Cleaner policy group
  Force Memory Clean When Closed IT policy rule
  Force Memory Clean When Holstered IT policy rule
  Force Memory Clean When Idle IT policy rule
  Memory Cleaner Maximum Idle Time IT policy rule
On-Device Help policy group
  On-Device Help Group Label IT policy rule


  On-Device Help Links IT policy rule
Password policy group
  Duress Notification Address IT policy rule
  Forbidden Passwords IT policy rule
  Maximum Password History IT policy rule
  Periodic Challenge Time IT policy rule
  Set Maximum Password Attempts IT policy rule
  Set Password Timeout IT policy rule
  Suppress Password Echo IT policy rule
PIM Synchronization policy group
  Disable Address Wireless Synchronization IT policy rule
  Disable All Wireless Synchronization IT policy rule
  Disable BlackBerry Messenger Wireless Synchronization IT policy rule
  Disable Calendar Wireless Synchronization IT policy rule
  Disable Enterprise Activation Progress IT policy rule
  Disable Memopad Wireless Sync IT policy rule
  Disable Phone Call Log Wireless Synchronization IT policy rule
  Disable PIN Messages Wireless Synchronization IT policy rule
  Disable SMS Messages Wireless Sync IT policy rule
  Disable Task Wireless Sync IT policy rule
  Disable Wireless Bulk Loads IT policy rule
PGP Application policy group
  PGP Allowed Content Ciphers IT policy rule
  PGP Allowed Encrypted Attachment Mode
  PGP Allowed Encryption Types IT policy rule
  PGP Blind Copy Address IT policy rule
  PGP Force Digital Signature IT policy rule
  PGP Force Encrypted Messages IT policy rule
  PGP Minimum Strong DH Key Length IT policy rule
  PGP Minimum Strong DSA Key Length IT policy rule
  PGP Minimum Strong RSA Key Length IT policy rule
  PGP More All and Send Mode IT policy rule
  PGP Universal Enrollment Method IT policy rule
  PGP Universal Policy Cache Timeout IT policy rule
  PGP Universal Server Address IT policy rule

RIM Value-Added Applications policy group
  Allow Edits to BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule
  Allow TiVo for BlackBerry application IT policy rule
  BlackBerry Social Network Application Proxy URL for Lotus Connections IT policy rule
  BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule
  Disable BlackBerry Wallet IT policy rule
  Disable Ecommerce Content Optimization Engine IT policy rule
  Disable Lotus Connections IT policy rule
  Disable Organizer Data Access for Social Networking Applications
  Disable RIM Value-Added Applications IT policy rule
  Enable the "Tell A Friend" Feature in BlackBerry Client for Lotus Quickr IT policy rule
  Lotus Connections Activities Server IT policy rule
  Lotus Connections Blogs Server IT policy rule
  Lotus Connections Communities Server IT policy rule
  Lotus Connections Dogear Server IT policy rule
  Lotus Connections Profiles Server IT policy rule
Secure Email policy group
  Canonical Certificate Domain Name IT policy rule
  Disable Certificate Address Checks IT policy rule
Security policy group
  Allow External Connections IT policy rule
  Allow Internal Connections IT policy rule
  Allow Outgoing Call When Locked IT policy rule
  Allow Resetting of Idle Timer IT policy rule
  Allow Screen Shot Capture IT policy rule
  Allow Smart Card Password Caching IT policy rule
  Allow Split-Pipe Connections IT policy rule
  Allow Third Party Apps to Use Persistent Store IT policy rule
  Allow Third Party Apps to Use Serial Port IT policy rule
  Allowed Authentication Mechanisms IT policy rule
  Certificate Status Maximum Expiry Time IT policy rule
  Content Protection of Contact List IT policy rule
  Content Protection Strength IT policy rule
  Desktop Backup IT policy rule
  Disable 3DES Transport Crypto IT policy rule


  Disable BlackBerry App World IT policy rule
  Disable Certificate or Key Import From External Memory IT policy rule
  Disable Cut/Copy/Paste IT policy rule
  Disable External Memory IT policy rule
  Disable Forwarding Between Services IT policy rule
  Disable Geo-Tagging of Photos IT policy rule
  Disable GPS IT policy rule
  Disable Invalid Certificate Use IT policy rule
  Disable IP Modem IT policy rule
  Disable Key Store Backup IT policy rule
  Disable Key Store Low Security IT policy rule
  Disable Media Manager FTP Access
  Disable Message Normal Send IT policy rule
  Disable Peer-to-Peer Normal Send IT policy rule
  Disable Persisted Plain Text IT policy rule
  Disable Public Photo Sharing Applications IT policy rule
  Disable Public Social Networking Applications IT policy rule
  Disable Radio When Cradled IT policy rule
  Disable Revoked Certificate Use IT policy rule
  Disable Smart Password Entry IT policy rule
  Disable Stale Certificate Status Checks IT policy rule
  Disable Stale Status Use IT policy rule
  Disable Untrusted Certificate Use IT policy rule
  Disable Unverified Certificate Use IT policy rule
  Disable Unverified CRLs IT policy rule
  Disable USB Mass Storage IT policy rule
  Disable Weak Certificate Use IT policy rule
  Disallow Third Party Application Downloads IT policy rule
  Encryption on On-Board Device Memory Media Files IT policy rule
  External File System Encryption Level IT policy rule
  FIPS Level IT policy rule
  Firewall Block Incoming Messages IT policy rule
  Firewall Whitelist Addresses IT policy rule
  Force Content Protection Of Master Keys IT policy rule
  Force Device Password Entry While User Authentication is Enabled IT policy rule


  Force LED Blinking When Microphone Is On IT policy rule
  Force Lock When Closed IT policy rule
  Force Lock When Holstered IT policy rule
  Force Multi Factor Authentication IT policy rule
  Force Notifications for Keys with Medium Security Level IT policy rule
  Force Smart Card Reader Challenge Response while User Authentication is enabled IT policy rule
  Force Smart Card Two Factor Authentication IT policy rule
  Force Smart Card Two Factor Challenge Response IT policy rule
  Key Store Password Maximum Timeout IT policy rule
  Lock on Proximity Authenticator Disconnect IT policy rule
  Lock on Smart Card Removal IT policy rule
  Login Disclaimer IT policy rule
  Maximum Smart Card User Authenticator Certificate Status Check Period IT policy rule
  Media Card Format on Device Wipe IT policy rule
  Message Classification IT policy rule
  Message Classification Title IT policy rule
  Minimal Encryption Key Store Security Level IT policy rule
  Minimal Signing Key Store Security Level IT policy rule
  Password Required for Application Download IT policy rule
  Require Secure APB Messages IT policy rule
  Required Password Pattern IT policy rule
  Reset to Factory Defaults on Wipe IT policy rule
  Secure Wipe Delay After IT Policy Received IT policy rule
  Secure Wipe Delay After Lock IT policy rule
  Secure Wipe if Low Battery IT policy rule
  Security Service Colors IT policy rule
  Security Transcoder Cod File Hashes IT policy rule
  Trusted Certificate Thumbprints IT policy rule
  Two Factor Content Protection Usage IT policy rule
  Weak Digest Algorithms IT policy rule
S/MIME Application policy group
  Entrust Messaging Server (EMS) Email Address IT policy rule
  S/MIME Allowed Content Ciphers IT policy rule
  S/MIME Allowed Encrypted Attachment Mode IT policy rule
  S/MIME Allowed Encryption Types IT policy rule


S/MIME Blind Copy Address IT policy rule
S/MIME Force Digital Signature IT policy rule
S/MIME Force Encrypted Messages IT policy rule
S/MIME Force Smartcard Use IT policy rule
S/MIME Minimum Strong DH Key Length IT policy rule
S/MIME Minimum Strong DSA Key Length IT policy rule
S/MIME Minimum Strong ECC Key Length IT policy rule
S/MIME Minimum Strong RSA Key Length IT policy rule
S/MIME More All and Send Mode IT policy rule
Service Exclusivity policy group
Allow Other Browser Services IT policy rule
Allow Other Calendar Services IT policy rule
Allow Other Message Services IT policy rule
Allow Public AIM Services IT policy rule
Allow Public Google Talk Services IT policy rule
Allow Public ICQ Services IT policy rule
Allow Public IM Services IT policy rule
Allow Public WLM Services IT policy rule
Allow Public Yahoo! Messenger Services IT policy rule
Allow T-Mobile Mobile Backup Contact Sync IT policy rule
SIM Application Toolkit policy group
Disable Network Location Query IT policy rule
Disable SIM Call Control IT policy rule
Disable SIM Originated Calls IT policy rule
Smart Dialing policy group
Enable Smart Dialing Policy IT policy rule
Set Local Area Code IT policy rule
Set Local Country Code IT policy rule
Set National Number Length IT policy rule
Smart Dialing Allow Device Changes IT policy rule
TCP policy group
TCP APN IT policy rule
TCP Password IT policy rule
TCP Username IT policy rule
TLS Application policy group

TLS Device Side Only IT policy rule
TLS Disable Invalid Connection IT policy rule
TLS Disable Untrusted Connection IT policy rule
TLS Disable Weak Ciphers IT policy rule
TLS Disable Weak Digests IT policy rule
TLS Minimum Strong DH Key Length IT policy rule
TLS Minimum Strong DSA Key Length IT policy rule
TLS Minimum Strong ECC Key Length IT policy rule
TLS Minimum Strong RSA Key Length IT policy rule
TLS Prevent Unmatched Domain Name IT policy rule
TLS Restrict FIPS Ciphers IT policy rule
User Feedback IT policy group
Allow User Feedback IT policy rule
Visual Voice Mail policy group
Allow Users to Save Messages IT policy rule
Disable Visual Voice Mail IT policy rule
Password Complexity IT policy rule
Require Password IT policy rule
VoIP policy group
Allow VoIP IT policy rule
Disable VoIP User Profiles IT policy rule
SIP Authentication ID IT policy rule
SIP Domain IT policy rule
SIP Local Port IT policy rule
SIP Realm IT policy rule
SIP Registration Timeout IT policy rule
SIP RTP Media Port IT policy rule
SIP Server Name IT policy rule
SIP Server Port IT policy rule
SIP Server Transport IT policy rule
SIP Server Type IT policy rule
SIP User Display Name IT policy rule
SIP User ID IT policy rule
SIP User Password IT policy
VoIP Allow BlackBerry Device Changes IT policy rule

VoIP Emergency Number IT policy rule
VoIP Enable Attended Call Transfer IT policy rule
VoIP Enable Call Hold IT policy rule
VoIP Enable Unattended Call Transfer IT policy rule
VPN policy group
Disable VPN User Profiles IT policy rule
Enable VPN IT policy rule
Use VPN Xauth IT policy rule
VPN Allow Handheld Changes IT policy rule
VPN Allow Password Save IT policy rule
VPN Disable Prompt for Credentials Re-Entry IT policy rule
VPN DNS Configuration IT policy rule
VPN Domain Name IT policy rule
VPN Gateway Address IT policy rule
VPN Group Name IT policy rule
VPN Group Password IT policy rule
VPN IKE Cipher IT policy rule
VPN IKE DH Group IT policy rule
VPN IKE Hash IT policy rule
VPN IPSec Cipher and Hash IT policy rule
VPN Minimal Certificate Encryption Key Security Level IT policy rule
VPN NAT Keep Alive IT policy rule
VPN Password Hidden on Input IT policy rule
VPN PFS IT policy rule
VPN Primary DNS IT policy rule
VPN Secondary DNS IT policy rule
VPN User Name IT policy rule
VPN User Password IT policy rule
VPN Vendor Type IT policy rule
VPN Xauth Type IT policy rule
Wi-Fi policy group
BlackBerry Infrastructure Wi-Fi Access Mode IT policy rule
Blocked Wi-Fi SSIDs IT policy rule
Disable GAN-Only Mode IT policy rule
Disable GAN-Preferred Mode IT policy rule

Disable GAN Selection Mode Editing IT policy rule
Disable WAN-Only Mode IT policy rule
Disable WAN-Preferred Mode IT policy rule
Disable Wi-Fi IT policy rule
Disable Wi-Fi Direct Access to BlackBerry Enterprise Server IT policy rule
Disable Wi-Fi User Profiles IT policy rule
GAN Signal Quality Threshold IT policy rule
GAN Signal Strength Threshold IT policy rule
GAN Wi-Fi Threshold IT policy rule
Wi-Fi Allow Handheld Changes IT policy rule
Wi-Fi Default Gateway IT policy rule
Wi-Fi Default KEY ID IT policy rule
Wi-Fi DHCP Configuration IT policy rule
Wi-Fi Disable Prompt for Credentials Re-Entry IT policy rule
Wi-Fi Enable Authentication Page IT policy rule
Wi-Fi IP Address IT policy rule
Wi-Fi Link Security IT policy rule
Wi-Fi Minimal EAP-TLS Certificate Encryption Key Security Level IT policy rule
Wi-Fi Password Hidden on Input IT policy rule
Wi-Fi Preshared Key IT policy rule
Wi-Fi Primary DNS IT policy rule
Wi-Fi Profile Forwarding Mode IT policy rule
Wi-Fi Secondary DNS IT policy rule
Wi-Fi SSID IT policy rule
Wi-Fi Subnet Mask IT policy rule
Wi-Fi User Name IT policy rule
Wi-Fi User Password IT policy rule
Wi-Fi WEP Key 1 IT policy rule
Wi-Fi WEP Key 2 IT policy rule
Wi-Fi WEP Key 3 IT policy rule
Wi-Fi WEP Key 4 IT policy rule
Wired Software Updates policy group
Allow Web-Based Software Loading IT policy rule
Cryptographic Services Backup IT policy rule
Wireless Software Upgrades policy group

Allow Non Enterprise Upgrade IT policy rule
Disallow Device User Requested Rollback IT policy rule
Disallow Device User Requested Upgrade IT policy rule
Disallow Patch Download Over International Roaming WAN IT policy rule
Disallow Patch Download Over Roaming WAN IT policy rule
Disallow Patch Download Over WAN IT policy rule
Disallow Patch Download Over Wi-Fi IT policy rule
WTLS Application policy group
WTLS Disable Invalid Connection IT policy rule
WTLS Disable Untrusted Connection IT policy rule
WTLS Disable Weak Ciphers IT policy rule
WTLS Minimum Strong DH Key Length IT policy rule
WTLS Minimum Strong ECC Key Length IT policy rule
WTLS Minimum Strong RSA Key Length IT policy rule
WTLS Restrict FIPS Ciphers IT policy rule
3 Descriptions of application control policy rules
Are Internal Network Connections Allowed application control policy rule
Are External Network Connections Allowed application control policy rule
Are Local Connections Allowed application control policy rule
Can Device Settings be Modified application control policy rule
Can the Security Timer be Reset application control policy rule
Disposition application control policy rule
Is Access to the Browser Filters API Allowed application control policy rule
Is Access to the Email API Allowed application control policy rule
Is Access to the Event Injection API Allowed application control policy rule
Is Access to the File API Allowed application control policy rule
Is Access to the GPS API Allowed application control policy rule
Is Access to the Handheld Key Store Allowed application control policy rule
Is Access to the Interprocess Communication API Allowed application control policy rule
Is Access to the Phone API Allowed application control policy rule
Is Access to the Media API Allowed application control policy rule
Is Access to the Module Management API Allowed application control policy rule
Is Access to the PIM API Allowed application control policy rule
Is Access to the Screen, Microphone, and Video Capturing APIs Allowed application control policy rule

Is Access to the Serial Port Profile for Bluetooth API Allowed application control policy rule
Is Access to the User Authenticator API Allowed application control policy rule
Is Access to the Wi-Fi API Allowed application control policy rule
Is Key Store Medium Security Allowed application control policy rule
Is Theme Data Allowed application control policy rule
List of Browser Filter Domains application control policy rule
List of External Domains application control policy rule
List of Internal Domains application control policy rule
4 Configuration settings
Configuration settings for VoIP profiles
Allow VoIP configuration setting
SIP Authentication ID configuration setting
SIP Domain configuration setting
SIP Local Port configuration setting
SIP Realm configuration setting
SIP Registration Timeout configuration setting
SIP RTP Media Port configuration setting
SIP Server Name configuration setting
SIP Server Port configuration setting
SIP Server Transport configuration setting
SIP Server Type configuration setting
SIP User Display Name configuration setting
SIP User ID configuration setting
SIP User Password configuration setting
VoIP Allow BlackBerry Device Changes configuration setting
VoIP Emergency Number configuration setting
VoIP Enable Attended Call Transfer configuration setting
VoIP Enable Call Hold configuration setting
VoIP Enable Unattended Call Transfer configuration setting
Configuration settings for VPN profiles
Enable VPN configuration setting
Suppress VPN Banner configuration setting
Use VPN Xauth configuration setting
VPN Allow Handheld Changes configuration setting

268 268 269 269 270 270 270 271 272 272 272 272 273 273 273 274 274 275 275 275 276 276 277 277 278 278 279 279 279 280 280 280 281 281

VPN Allow Password Save configuration setting............................................................................................................... VPN Disable Server Certificate Validation configuration setting.................................................................................... VPN DNS Configuration configuration setting.................................................................................................................. VPN Domain Name configuration setting.......................................................................................................................... VPN Gateway Address configuration setting..................................................................................................................... VPN Group Name configuration setting............................................................................................................................. VPN Group Password configuration setting....................................................................................................................... VPN Hard Token Required configuration setting............................................................................................................... VPN IKE Cipher configuration setting................................................................................................................................. VPN IKE DH Group configuration setting........................................................................................................................... VPN IKE Hash configuration setting.................................................................................................................................... VPN IP Address configuration setting................................................................................................................................. 
VPN IPSec Cipher and Hash configuration setting........................................................................................................... VPN Minimal Certificate Encryption Key Security Level configuration setting.............................................................. VPN NAT Keep Alive configuration setting........................................................................................................................ VPN PFS configuration setting............................................................................................................................................. VPN Primary DNS configuration setting............................................................................................................................. VPN Profile Visibility configuration setting......................................................................................................................... VPN Profile Editability configuration setting...................................................................................................................... VPN Secondary DNS configuration setting........................................................................................................................ VPN Subnet Mask configuration setting............................................................................................................................. VPN Token Serial Number configuration setting............................................................................................................... VPN User Name configuration setting................................................................................................................................ VPN User Password configuration setting.......................................................................................................................... 
VPN Vendor Type configuration setting.............................................................................................................................. VPN Xauth Type configuration setting................................................................................................................................ Configuration settings for Wi-Fi profiles...................................................................................................................................... Associated Certificate Authority Configuration configuration setting............................................................................ Associated VoIP Configuration configuration setting....................................................................................................... Associated VPN Configuration configuration setting........................................................................................................ Wi-Fi Allow AP to AP Handover configuration setting...................................................................................................... Wi-Fi Allow Handheld Changes configuration setting...................................................................................................... Wi-Fi Allow Password Save configuration setting.............................................................................................................. Wi-Fi Band Type configuration setting................................................................................................................................ Wi-Fi BlackBerry Infrastructure Wi-Fi Access Mode configuration setting.....................................................................

282 282 283 283 283 284 284 285 285 285 286 286 287 287 288 288 288 289 289 289 290 290 291 291 292 292 293 293 293 293 294 294 295 295 295

Wi-Fi Default Gateway configuration setting..................................................................................................................... Wi-Fi Default KEY ID configuration setting........................................................................................................................ Wi-Fi DHCP Configuration configuration setting............................................................................................................... Wi-Fi Disable Server Certificate Validation configuration setting................................................................................... Wi-Fi Domain Suffix configuration setting.......................................................................................................................... Wi-Fi EAP-FAST Provisioning method configuration setting............................................................................................ Wi-Fi Enable Authentication Page configuration setting.................................................................................................. Wi-Fi Hard Token Required configuration setting.............................................................................................................. Wi-Fi Inner Authentication Mode configuration setting................................................................................................... Wi-Fi IP Address configuration setting................................................................................................................................ Wi-Fi Link Security configuration setting............................................................................................................................ Wi-Fi Minimal EAP-TLS Certificate Encryption Key Security Level configuration setting............................................. 
Wi-Fi Preshared Key configuration setting......................................................................................................................... Wi-Fi Primary DNS configuration setting............................................................................................................................ Wi-Fi Profile Editability configuration setting..................................................................................................................... Wi-Fi Profile Visibility configuration setting....................................................................................................................... Wi-Fi Protected Access Credential Key configuration setting.......................................................................................... Wi-Fi Roaming Threshold configuration setting................................................................................................................. Wi-Fi Secondary DNS configuration setting....................................................................................................................... Wi-Fi Server SAN configuration setting............................................................................................................................... Wi-Fi Server Subject configuration setting......................................................................................................................... Wi-Fi SSID configuration setting.......................................................................................................................................... Wi-Fi Subnet configuration setting...................................................................................................................................... Wi-Fi Token Serial Number configuration setting.............................................................................................................. 
Wi-Fi User Name configuration setting............................................................................................................................... Wi-Fi User Password configuration setting......................................................................................................................... Wi-Fi WEP Key 1 configuration setting................................................................................................................................. Wi-Fi WEP Key 2 configuration setting................................................................................................................................ Wi-Fi WEP Key 3 configuration setting................................................................................................................................ Wi-Fi WEP Key 4 configuration setting................................................................................................................................

296 297 297 297 298 298 299 299 300 300 300 301 301 302 302 303 303 303 304 304 305 305 306 306 306 307 307 308 308 309

5 Examples of security policy goals............................................................................................................................................. 310 Defining acceptable use of passwords and passphrases on BlackBerry devices.................................................................... 311 Defining measures to protect BlackBerry devices from unauthorized use.............................................................................. 312 Defining the encryption strength that the BlackBerry device uses to protect data............................................................... 312

Restricting unsecured messaging........................................................................................................................................ Defining measures to prevent threats from viruses and malicious users................................................................................ Limiting the resources that third-party applications installed on BlackBerry devices can access............................... Limiting user control of third-party applications on BlackBerry devices......................................................................... Preventing RIM value-added applications from running on BlackBerry devices.................................................................... 6 Glossary.........................................................................................................................................................................................

313 313 314 315 315 317

7 Provide feedback......................................................................................................................................................................... 323 8 Legal notice.................................................................................................................................................................................. 324

IT policy rules

You can assign IT policies to BlackBerry devices to satisfy your organization's security policy requirements and to reflect the needs of users who use the BlackBerry devices. For example, you can create an IT policy, configure the IT policy rules for executive-level feature and security requirements, add executives to a group, and assign the IT policy to the group. For more information about how to create an IT policy, configure an IT policy rule, and assign an IT policy to a user account or group, see the BlackBerry Enterprise Server Administration Guide.

Using IT policy rules on other devices


A device that is running BlackBerry Connect software or BlackBerry Built-In software can use all the IT policy rules that are associated with the supported features of the BlackBerry Connect software or BlackBerry Built-In software. The BlackBerry Connect software or BlackBerry Built-In software ignores IT policy rules that are associated with unsupported features. Although the BlackBerry Connect software or BlackBerry Built-In software might support an IT policy rule, the device that it is running on might not. For more information, contact your organization's device supplier.

Devices that are running the BlackBerry Application Suite can use all the IT policy rules that are associated with the supported features of the BlackBerry Application Suite. The BlackBerry Application Suite ignores IT policy rules that are associated with unsupported features.

Preconfigured IT policies
The BlackBerry Enterprise Server includes the following preconfigured IT policies that you can change to create IT policies that meet the requirements of your organization.

| Preconfigured IT policy | Description |
|---|---|
| Default | This policy includes all the standard IT policy rules that are set on the BlackBerry Enterprise Server. |
| Basic Password Security | Similar to the Default IT policy, this policy also requires a basic password that users can use to log in to the BlackBerry device. Users must change the passwords regularly. The IT policy includes a password timeout that locks the BlackBerry device. |
| Medium Password Security | Similar to the Default IT policy, this policy also requires a complex password that users can use to log in to the BlackBerry device. Users must change the passwords regularly. This policy includes a maximum password history and turns off Bluetooth technology on the BlackBerry device. |
| Medium Security with No 3rd Party Applications | Similar to the Medium Password Security, this policy requires a complex password that a user must change frequently, a security timeout, and a maximum password history. This policy prevents users from making their BlackBerry devices discoverable by other Bluetooth enabled devices and turns off the ability of BlackBerry devices to download third-party applications. |
| Advanced Security | Similar to the Default IT policy, this IT policy also requires a complex password that a user must change frequently, a password timeout that locks the BlackBerry device, and a maximum password history. This policy restricts Bluetooth technology on the BlackBerry device, turns on strong content protection, turns off USB mass storage, and requires the BlackBerry device to encrypt external file systems. |
| Advanced Security with No 3rd Party Applications | Similar to the Advanced Security IT policy, this IT policy requires a complex password that a user must change frequently, a password timeout that locks the BlackBerry device, and a maximum password history. This policy restricts Bluetooth technology on the BlackBerry device, turns on strong content protection, turns off USB mass storage, requires the BlackBerry device to encrypt external file systems, and turns off the ability of BlackBerry devices to download third-party applications. |

New IT policy rules in this release


| Policy group | Rule | BlackBerry Device Software (minimum requirement) |
|---|---|---|
| BlackBerry Messenger | Disable Check for Updates | 4.5 |
| BlackBerry Messenger | Disable Location Requests, Responses, and Proximity Alerts | 4.5 |
| BlackBerry Messenger | Disable Server Based Contact List Synchronization | 4.5 |
| BlackBerry Messenger | Disallow External Email Address for Server Registration | 4.5 |
| BlackBerry Messenger | Disallow Setting a Subject on Conversations | 4.5 |
| BlackBerry Messenger | Enforce Security Question in BlackBerry Messenger Invitation | 4.5 |
| Date and Time | Automatic Time Zone Change Detection | 5.0 |
| Date and Time | Enable Time Zone Definitions Update | 5.0 |
| Date and Time | Periodic Time Synchronization | 5.0 |
| Date and Time | Time Zone Definitions Automatic Update Interval | 5.0 |

| Policy group | Rule |
|---|---|
| Date and Time | Time Zone Definitions Update Server |
| Desktop | Allow BlackBerry Desktop Software Statistics |
| Desktop | Allow External Device Software Servers |
| Desktop | Allow Personal Folder Reconciliation |
| Desktop | Generate Encrypted Backup Files |
| Instant Messaging | Disable Automatic Login |
| Instant Messaging | Disable Broadcast Messages |
| Instant Messaging | Disable Emoticons |
| Instant Messaging | Disable Offline Messaging for Enterprise Messenger |
| Instant Messaging | Maximum File Transfer Size (Mb) |
| PIM Synchronization | Disable BlackBerry Messenger Wireless Synchronization |
| PGP Application | PGP More All And Send Mode |
| RIM Value-Added Applications | Allow Edits to BlackBerry Social Network Application Proxy URL for Lotus Quickr |
| RIM Value-Added Applications | Allow TiVo for BlackBerry Application |
| RIM Value-Added Applications | BlackBerry Social Network Application Proxy URL for Lotus Connections |
| RIM Value-Added Applications | BlackBerry Social Network Application Proxy URL for Lotus Quickr |
| RIM Value-Added Applications | Enable the "Tell A Friend" Feature in BlackBerry Client for Lotus Quickr |
| Security | Disable BlackBerry App World |
| Security | Disable Certificate or Key Import From External Memory |
| Security | Encryption on On-Board Device Memory Media Files |
| Security | Force Notifications for Keys with Medium Security Level |
| Security | Lock on Proximity Authenticator Disconnect |
| Security | Login Disclaimer |
| Security | Media Card Format on Device Wipe |
| Security | Two Factor Content Protection Usage |
| S/MIME Application | S/MIME More All And Send Mode |
| TLS Application | TLS Disable Weak Digests |

BlackBerry Device Software (minimum requirement) 5.0 4.5 4.5 4.5 4.5 4.5 5.0 5.0 5.0 4.2 5.0 5.0 5.0 4.2 5.0 5.0 5.0 5.0 5.0 5.0 5.0 5.0 4.7.1

| Policy group | Rule | BlackBerry Device Software (minimum requirement) |
|---|---|---|
| TLS Application | TLS Prevent Unmatched Domain Name | 5.0 |
| User Feedback | Allow User Feedback | 5.0 |
| Wired Software Updates | Allow Web-Based Software Loading | 5.0 |
| Wired Software Updates | Cryptographic Services Backup | 5.0 |

For information about adding new IT policy rules to a BlackBerry Enterprise Server version earlier than the minimum requirement, visit www.blackberry.com/btsc to read article KB05439.

Descriptions of IT policy rules


Desktop Only items
Auto Backup Enabled IT policy rule
Description

This rule specifies whether the automatic backup option in the backup and restore tool of the BlackBerry Desktop Manager or BlackBerry Web Desktop Manager is turned on.

Default value
The default value is No.

Usage
To allow the backup and restore tool to back up BlackBerry device data automatically, change this rule to Yes. Automatic backups can help provide recent BlackBerry device data for recovery if you need to replace a lost or stolen BlackBerry device.

Minimum requirements
- BlackBerry Application Suite version 1.0
- BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.

Auto Backup Exclude Messages IT policy rule


Description
This rule specifies whether messages are excluded when an automatic backup occurs.

Default value
The default value is No.

Dependencies
If you change this rule to Yes, you must configure the Auto Backup Include All IT policy rule to No.

Minimum requirements
- BlackBerry Application Suite version 1.0
- BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.

Auto Backup Exclude Synchronization IT policy rule


Description
This rule specifies whether application data that is synchronized with desktop organizer applications is excluded when an automatic backup occurs.

Default value
The default value is No.

Dependencies
If you change this rule to Yes, you must configure the Auto Backup Include All IT policy rule to No.

Minimum requirements
- BlackBerry Application Suite version 1.0
- BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.

Auto Backup Frequency IT policy rule


Description
This rule specifies how often (in days) automatic backups occur. The permitted range is 1 through 99 days.

Default value
The default value is 7 days.

Usage
Change this value to a minimum of 2 days so that backups of BlackBerry device data occur more frequently, to a maximum of 99 days.

If a user's computer memory is limited, save backup files to a network drive.

Minimum requirements
- BlackBerry Application Suite version 1.0
- BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.

Auto Backup Include All IT policy rule


Description
This rule specifies whether all BlackBerry device data is included when an automatic backup occurs.

Default value
The default value is Yes.

Usage
By default, in the backup and restore tool options, the Backup all device application data option is selected. If you configure the Auto Backup Exclude Synchronization or Auto Backup Exclude Messages IT policy rules to Yes, change this rule to No.

Minimum requirements
- BlackBerry Application Suite version 1.0
- BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.

Disable Wireless Calendar IT policy rule


Description
This rule specifies whether users can use the wireless calendar synchronization option in the synchronization tool of the BlackBerry Desktop Manager.

Default value
The default value is No.

Usage

Change this rule to Yes to prevent users from using wireless calendar synchronization.

Minimum requirements
- BlackBerry Application Suite version 1.0
- BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.

Do Not Save Sent Messages IT policy rule


Description
This rule specifies whether a BlackBerry device saves a copy of each email message that a user sends in the sent messages folder on the user's computer.

Default value
The default value is No. The BlackBerry device saves a copy of each email message that a user sends.

Usage
Change this rule to Yes to prevent the storage of email messages that a user sends from a BlackBerry device.

Minimum requirements
- BlackBerry Application Suite version 1.0
- BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.

Force Load Count IT policy rule


Description
This rule specifies the number of times that users can decline to update the BlackBerry Device Software before they must update it. The permitted range is -1 through 1000 times.

Default value
The default value is No Limit.

Usage

To turn off mandatory updates of the BlackBerry Device Software, change this rule to -1. To turn on the forced update feature, change this rule to 0 or higher. If you turn on the feature, when a user logs in and connects a BlackBerry device to a computer, the BlackBerry Desktop Manager or BlackBerry Web Desktop Manager version 1.0 or 1.0.1 automatically checks whether newer versions of the software are available and prompts the user to update the BlackBerry device. This rule is obsolete in BlackBerry Web Desktop Manager version 5.0 and later.

Minimum requirements
- BlackBerry Application Suite version 1.0
- BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.

Force Load Message IT policy rule


Description
This rule specifies the message that appears when users are prompted to update the BlackBerry Device Software to a later version.

Default value
The default value is a null value.

Usage
This rule is obsolete in BlackBerry Web Desktop Manager version 5.0 and later.

Dependencies
A BlackBerry device uses this rule only if you configure the Force Load Count IT policy rule to 0 or higher.

Minimum requirements
- BlackBerry Application Suite version 1.0
- BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.

Forward Messages In Cradle IT policy rule


Description
This rule specifies whether a BlackBerry device receives email messages while it is connected to a computer. The BlackBerry Enterprise Server configures this value.

Default value
The default value is Yes. By default, a BlackBerry device receives email messages from the inbox only.

Usage
When you change this rule, the option changes in the email settings tool of the BlackBerry Desktop Manager.

Minimum requirements
- BlackBerry Application Suite version 1.0
- BlackBerry Desktop Software version 3.5
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange or BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Message Conflict Mailbox Wins IT policy rule


Description
This rule specifies whether the email application on a computer takes precedence over a BlackBerry device when a conflict occurs during organizer data synchronization.

Default value
The default value is Yes.

Minimum requirements
- BlackBerry Application Suite version 1.0
- BlackBerry Desktop Software version 3.5
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange or BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Message Prompt IT policy rule


Description
This rule specifies the message that should appear when the BlackBerry Desktop Software starts.

Default value
The default value is a null value.

Minimum requirements
- BlackBerry Application Suite version 1.0
- BlackBerry Desktop Software version 3.5
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange or BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Show Application Loader IT policy rule


Description
This rule specifies whether the application loader tool appears in the BlackBerry Desktop Manager and the BlackBerry Web Desktop Manager.

Default value
The default value is Yes.

Usage
Change this rule to No to hide the Device Software tab in the BlackBerry Web Desktop Manager and the Application Loader icon in the BlackBerry Desktop Manager. This rule is obsolete in BlackBerry Web Desktop Manager version 5.0 and later.

Minimum requirements
- BlackBerry Application Suite version 1.0
- BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange or BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with BlackBerry Web Desktop Manager version 1.0 or 1.0.1 only.

Show Web Link IT policy rule


Description
This rule specifies whether the link icon for the Internet appears in the BlackBerry Desktop Manager.

Default value
The default value is No.

Usage
You can use this rule when you manage BlackBerry devices that are running BlackBerry Application Suite versions 1.0 and later.

Dependencies
The link icon appears only if you configure a default web address using the Web Link URL IT policy rule.

Minimum requirements
- BlackBerry Application Suite version 1.0
- BlackBerry Desktop Software version 3.5
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange or BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Synchronize Messages Instead Of Importing IT policy rule


Description
This rule specifies whether a BlackBerry device can synchronize email messages and folders in the email application on a user's computer and on the BlackBerry device instead of applying the changes to the BlackBerry device only.

Default value
The default value is Yes.

Minimum requirements
- BlackBerry Application Suite version 1.0
- BlackBerry Desktop Software version 3.5
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange or BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Web Link Label IT policy rule


Description
This rule specifies the name of the web link icon, if it appears in the BlackBerry Desktop Manager.

Default value
The default value is Downloads.

Usage
Configure the label according to your organization's requirements.

Dependencies
If you configure this rule, you must also change the Show Web Link IT policy rule to Yes so that the web link icon appears.

Minimum requirements
- BlackBerry Application Suite version 1.0
- BlackBerry Desktop Software version 3.5
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange or BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Web Link URL IT policy rule


Description
This rule specifies the web address for the web link icon, if it appears in the BlackBerry Desktop Manager.

Default value
The default value is a null value.

Dependencies
If you configure this rule, you must also configure the Show Web Link IT policy rule to Yes so that the web link icon appears.

Minimum requirements
- BlackBerry Application Suite version 1.0
- BlackBerry Desktop Software version 3.5
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange or BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Device Only Items


Allow BCC Recipients IT policy rule
Description
This rule specifies whether a BlackBerry device user can include BCC recipients when composing email messages on a BlackBerry device.

Default value
The default value is Yes.

Minimum requirements
- C++ based BlackBerry device that is running BlackBerry Device Software version 2.5
- Java based BlackBerry device that is running BlackBerry Device Software version 3.6
- BlackBerry Application Suite version 1.0
- BlackBerry Connect versions 1.2, 2.0, 2.1, or 4.0
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.

Allow Peer-to-Peer Messages IT policy rule


Description
This rule specifies whether a user can send PIN messages.

Default value
The default value is Yes.

Usage
Change this rule to No to prevent users from sending PIN messages. Changing this rule to No does not prevent users from receiving PIN messages.

Dependencies
To block incoming PIN messages, in the Security policy group, configure the Firewall Block Incoming Messages IT policy rule to PIN Messages (Public) and PIN Messages (Corporate).

Minimum requirements
- C++ based BlackBerry device that is running BlackBerry Device Software version 2.5
- Java based BlackBerry device that is running BlackBerry Device Software version 3.6
- BlackBerry Application Suite version 1.0
- BlackBerry Connect versions 1.2, 2.0, 2.1, 4.0
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.

Allow SMS IT policy rule


Description
This rule specifies whether a user can send SMS text messages.

Default value
The default value is Yes.

Usage
Change this rule to No to prevent a user from sending SMS text messages. Changing this rule to No does not prevent a user from receiving SMS text messages.

Dependencies
To block incoming SMS text messages, in the Security policy group, configure the Firewall Block Incoming Messages IT policy rule.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Connect versions 1.2, 2.0, 2.1, 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Default Browser Config UID IT policy rule


Description
This rule specifies a unique ID for the browser configuration service book, which specifies the default browser configuration on a BlackBerry device. For more information about the browser configurations that are available on a BlackBerry device, see the Browser policy group.

Default value
The default value is a null value.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Connect versions 2.1 or 4.0 (internal)
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Enable Long-Term Timeout IT policy rule


Description
This rule specifies whether a BlackBerry device locks after a predefined period of time, regardless of user activity.

Default values
The default value in the Default and Basic password security IT policies is a null value. The default value in all other IT policies is Yes. The BlackBerry device locks automatically after 60 minutes.

Dependencies
Use the Periodic Challenge Time IT policy rule to shorten or extend the timeout interval.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Connect versions 1.2, 2.0, 2.1, 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Enable WAP Config IT policy rule


Description
This rule specifies whether a separate icon appears on a BlackBerry device if the appropriate service books are present for the WAP Browser. For more information about the browser configurations that are available on a BlackBerry device, see the Browser policy group.

Default value
The default value is Yes.

Usage
Change this rule to No to turn off the WAP service and hide the WAP Browser icon on a BlackBerry device. Turning off the WAP service might turn off the ability to send and receive MMS messages if your organization's network service provider uses the WAP service for MMS messaging.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Connect versions 2.1, 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Home Page Address IT policy rule


Description
This rule specifies the BlackBerry Browser home page. For more information about the browser configurations that are available on a BlackBerry device, see the Browser policy group.

Default value
The default value is a null value.

Usage
If you do not configure this rule, a BlackBerry device uses the default home page.

Minimum requirements
- C++ based BlackBerry device that is running BlackBerry Device Software version 2.5
- Java based BlackBerry device that is running BlackBerry Device Software version 3.6
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0 (internal)
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.

Home Page Address Is Read-Only IT policy rule


Description
This rule specifies whether a user can change the BlackBerry Browser home page.

Default value
The default value is a null value.

Minimum requirements
- C++ based BlackBerry device that is running BlackBerry Device Software version 2.5
- Java based BlackBerry device that is running BlackBerry Device Software version 3.6
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0 (internal)
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.

Maximum Password Age IT policy rule


Description
This rule specifies the number of days before a BlackBerry device password expires and a user must set a new password. The permitted range is 0 through 65,535 days.

Default values
The default value in the Default IT policy is a null value. The default value in the Basic password security IT policy is 60 days. The default value in all other preconfigured IT policies is 30 days.

Usage
If you configure this rule to 0, the BlackBerry device password does not expire.

Dependencies
A BlackBerry device uses this rule only if the Password Required rule is configured to Yes.

Minimum requirements
- C++-based BlackBerry device that is running BlackBerry Device Software version 2.5
- Java based BlackBerry device that is running BlackBerry Device Software version 3.6
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 1.2, 2.0, 2.1, or 4.0
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.

Maximum Security Timeout IT policy rule


Description
This rule specifies the maximum time (in minutes) that a BlackBerry device user can specify as the security timeout value. The security timeout value is the number of minutes of inactivity before the BlackBerry device locks. The permitted range is 10 through 480 minutes.

Default values
The default value in the Default IT policy is a null value. The default value in the Basic password security IT policy is 30 minutes. The default value in all other preconfigured IT policies is 10 minutes.

Dependencies
A BlackBerry device uses this rule only if the Password Required rule is configured to Yes. A BlackBerry device user can specify any timeout value that is lower than the maximum value, unless you configure the User Can Change Timeout rule to No. To configure a timeout value, in the Password policy group, configure the Set Password Timeout rule.

Minimum requirements
- C++ based BlackBerry device that is running BlackBerry Device Software version 2.5
- Java based BlackBerry device that is running BlackBerry Device Software version 3.6
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 1.2, 2.0, 2.1, or 4.0
- BlackBerry Enterprise Server version 3.5

Minimum Password Length IT policy rule


Description
This rule specifies the minimum number of characters that are required for a BlackBerry device password. The permitted range is 4 through 14 characters. The maximum password length, which this rule does not control, is 32 characters.

Default value
The default value is a null value.

Dependencies
A BlackBerry device uses this rule only if the Password Required rule is configured to Yes. If the FIPS Level IT policy rule is configured to 2, by default, a BlackBerry device requires a minimum password length of 5 characters.

Minimum requirements
- C++ based BlackBerry device that is running BlackBerry Device Software version 2.5
- Java based BlackBerry device that is running BlackBerry Device Software version 3.6
- BlackBerry Application Suite version 1.0
- BlackBerry Connect versions 1.2, 2.0, 2.1 or 4.0
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.

Password Pattern Checks IT policy rule


Description
This rule specifies whether to verify that a BlackBerry device password matches specific character pattern requirements.

Default values
The default value in the Default and Basic password security IT policies is No restriction. The default value in all other preconfigured IT policies is At least one alpha character and one numeric character.

Usage
- Change this rule to At least 1 alpha and 1 numeric character to require that a BlackBerry device user enter at least 1 alphabetic character and 1 numeric character.
- Change this rule to At least 1 alpha, 1 numeric, and 1 special character to require that a BlackBerry device user enter at least 1 alphabetic, 1 numeric and 1 special character.
- Change this rule to At least 1 upper-case alpha, one lower-case alpha, 1 numeric, and 1 special character to require that a BlackBerry device user enter at least 1 upper-case alphabetic, one lower-case alphabetic, 1 numeric, and 1 special character.
If you select option 2 or 3, password pattern checking is not available for C++ based BlackBerry devices. By default, a BlackBerry device prevents setting passwords that use a natural sequence of characters or numbers. If a symbol is inserted into a natural sequence, a BlackBerry device can use the password.

Dependencies
A BlackBerry device uses this rule only if the Password Required rule is configured to Yes.

Minimum requirements
- C++ based BlackBerry device that is running BlackBerry Device Software version 2.5
- Java based BlackBerry device that is running BlackBerry Device Software version 3.6
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 1.2, 2.0, 2.1, or 4.0
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.

Password Required IT policy rule


Description
This rule specifies whether a user must configure a password on a BlackBerry device.

Default values
The default value in the Default IT policy is No. The default value in all other preconfigured IT policies is Yes.

Dependencies
If the FIPS Level IT policy rule is configured to 2, by default, a user must configure a password.

Minimum requirements
- C++ based BlackBerry device that is running BlackBerry Device Software version 2.5
- Java based BlackBerry device that is running BlackBerry Device Software version 3.6
- BlackBerry Application Suite version 1.0
- BlackBerry Connect versions 1.2, 2.0, 2.1 or 4.0
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.

User Can Change Timeout IT policy rule


Description
This rule specifies whether a BlackBerry device user can override the security timeout value.

Default value
The default value is Yes.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect versions 1.2, 2.0, 2.1, 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

User Can Disable Password IT policy rule


Description
This rule specifies whether a user can turn off the requirement for a BlackBerry device security password.

Default values
The default value in the Default IT policy is Yes. The default value in all other preconfigured IT policies is No. A user cannot turn off the requirement for a BlackBerry device security password.

Dependencies
A BlackBerry device uses this rule only if the Password Required rule is configured to Yes. This rule is obsolete for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later and C++ based BlackBerry devices that are running BlackBerry Device Software version 2.7.

Minimum requirements
- C++ based BlackBerry device that is running BlackBerry Device Software version 2.5
- Java based BlackBerry device that is running BlackBerry Device Software version 3.6
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 1.2, 2.0, 2.1, or 4.0
- BlackBerry Enterprise Server version 3.5

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.
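
The permitted ranges and dependencies stated for the Device Only items above can be checked mechanically before a policy is assigned to users. The following Python code is an added example, not part of this guide or of any BlackBerry product; the dictionary representation of a policy, the function name audit_policy, the finding codes and the sample values are assumptions made for illustration.

```python
# Added example: audit a policy against the ranges and dependencies that the
# Device Only items section documents. The dict layout below is an assumption,
# not a BlackBerry Enterprise Server export format.

# Permitted ranges as documented (inclusive).
RANGES = {
    "Maximum Password Age": (0, 65535),      # days
    "Maximum Security Timeout": (10, 480),   # minutes
    "Minimum Password Length": (4, 14),      # characters
}

# Rules that a device uses only if Password Required is configured to Yes.
NEEDS_PASSWORD_REQUIRED = (
    "Maximum Password Age",
    "Maximum Security Timeout",
    "Minimum Password Length",
    "Password Pattern Checks",
    "User Can Disable Password",
)

# Firewall Block Incoming Messages options the guide names for PIN messages.
PIN_BLOCK_OPTIONS = {"PIN Messages (Public)", "PIN Messages (Corporate)"}


def audit_policy(policy):
    """Return a list of (rule, code, detail) findings for one policy.

    Assumed representation: rule name -> value; None or a missing key is a
    null value; Yes/No rules are True/False; Firewall Block Incoming Messages
    is a set of option names.
    """
    findings = []
    password_required = policy.get("Password Required") is True

    # 1. Values outside the documented range.
    for rule, (low, high) in RANGES.items():
        value = policy.get(rule)
        if value is not None and not low <= value <= high:
            findings.append((rule, "out-of-range",
                             f"{value} is outside {low} through {high}"))

    # 2. Password rules that are configured but have no effect.
    if not password_required:
        for rule in NEEDS_PASSWORD_REQUIRED:
            if policy.get(rule) is not None:
                findings.append((rule, "ignored",
                                 "used only if Password Required is Yes"))
    elif policy.get("Maximum Password Age") == 0:
        findings.append(("Maximum Password Age", "no-expiry",
                         "0 means the device password does not expire"))

    # 3. Send-side restrictions that leave the receive side open.
    blocked = set(policy.get("Firewall Block Incoming Messages") or ())
    if policy.get("Allow Peer-to-Peer Messages") is False:
        missing = PIN_BLOCK_OPTIONS - blocked
        if missing:
            findings.append(("Allow Peer-to-Peer Messages", "inbound-not-blocked",
                             "incoming PIN messages are still accepted; add "
                             + ", ".join(sorted(missing))))
    # The guide does not name the firewall option for SMS, so this check only
    # verifies that the firewall rule is configured at all.
    if policy.get("Allow SMS") is False and not blocked:
        findings.append(("Allow SMS", "inbound-not-blocked",
                         "Firewall Block Incoming Messages is not configured"))
    return findings


# Constructed sample policy (not taken from a real deployment).
SAMPLE_POLICY = {
    "Password Required": False,
    "Minimum Password Length": 3,
    "Maximum Password Age": 30,
    "Maximum Security Timeout": 600,
    "Allow Peer-to-Peer Messages": False,
    "Allow SMS": False,
    "Firewall Block Incoming Messages": {"PIN Messages (Public)"},
}

if __name__ == "__main__":
    for rule, code, detail in audit_policy(SAMPLE_POLICY):
        print(f"{code:20} {rule}: {detail}")
```
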

Global items
Allow Browser IT policy rule
Description
This rule specifies whether the BlackBerry Browser is available on a BlackBerry device.

Default value
The default value is Yes.

Usage
This rule does not affect other browsers such as the WAP browser. For more information about the browser configurations that are available on a BlackBerry device, see the Browser policy group.

Minimum requirements
- C++ based BlackBerry device that is running BlackBerry Device Software version 2.5
- Java based BlackBerry device that is running BlackBerry Device Software version 3.6
- BlackBerry Application Suite version 1.0
- BlackBerry Connect versions 1.2, 2.0, 2.1, or 4.0 (internal)
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.

Allow Phone IT policy rule


Description
This rule specifies whether the phone is available on a BlackBerry device.

Default value
The default value is Yes.

Usage
Change this rule to No to prevent a user from making and receiving any calls except emergency calls. The phone icon remains on the BlackBerry device.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect versions 1.2, 2.0, 2.1, 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Auto Signature IT policy rule


Description
This rule specifies the signature that is attached automatically to outgoing email messages.

Default value
The default value is a null value.

Usage
Use this rule to add a disclaimer to the end of email messages that a user sends from a BlackBerry device. This rule is obsolete in BlackBerry Enterprise Server version 4.1 SP2 and later.

Minimum requirements
- BlackBerry Desktop Software version 3.5
- BlackBerry Enterprise Server for IBM Lotus Domino version 4.0
- BlackBerry Enterprise Server for Microsoft Exchange version 3.5

Exceptions
The BlackBerry Enterprise Server for Microsoft Exchange supports this rule in BlackBerry Enterprise Server versions 3.5 to 4.1 SP2. The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Application Center policy group


Disable Application Center IT policy rule
Description
This rule specifies whether to prevent the application center from running on a BlackBerry device.

Default value
The default value is No.

Usage
Change this rule to Yes to prevent a BlackBerry device user from accessing the application center.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.3
- BlackBerry Enterprise Server version 4.1 SP6

Disable Carrier Directory IT policy rule


Description
This rule specifies whether to prevent a user from accessing the carrier directory in the application center on a BlackBerry device.

Default value
The default value is No.

Usage
Change this rule to Yes to prevent a user from accessing the carrier directory in the application center.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.3
- BlackBerry Enterprise Server version 4.1 SP6

BlackBerry Messenger policy group


Disable BlackBerry Messenger IT policy rule
Description
This rule specifies whether the BlackBerry Messenger is turned off.

Default value
The default value is No.

Usage
Change this rule to Yes to turn off the BlackBerry Messenger. This might help prevent risks that are associated with PIN messaging. For more information about PIN messaging risks, see the BlackBerry Enterprise Solution Security Technical Overview.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 4.0 SP2

Disable Check for Updates IT policy rule


Description
This rule specifies whether a BlackBerry device checks automatically for a version of the BlackBerry Messenger that is more recent than the version that is currently on the BlackBerry device.

Default value
The default value is No. The BlackBerry device checks automatically for a more recent version of the BlackBerry Messenger.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.5
- BlackBerry Enterprise Server version 5.0 SP1

Disable Location Requests, Responses, and Proximity Alerts IT policy rule


Description
This rule specifies whether a BlackBerry Messenger user can make location requests, respond to location requests, or request or send proximity alerts to another BlackBerry Messenger user.

Default value
The default value is No. A BlackBerry Messenger user can make location requests, respond to location requests, or request or send proximity alerts.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.5
- BlackBerry Enterprise Server version 5.0 SP1

Disable Server Based Contact List Synchronization IT policy rule


Description
This rule specifies whether a BlackBerry device user can store the contact list for the BlackBerry Messenger in the BlackBerry Infrastructure.

Default value
The default value is No. A BlackBerry device user can store a contact list in the BlackBerry Infrastructure.

Usage
When the contact list for BlackBerry Messenger is stored in the BlackBerry Infrastructure, a user who frequently switches between BlackBerry devices can use the same synchronized contact list on all BlackBerry devices.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.5
- BlackBerry Enterprise Server version 5.0 SP1

Disallow External Email Address for Server Registration IT policy rule


Description
This rule specifies whether a BlackBerry Messenger user can register an email address with the BlackBerry Messenger server if the email address is not associated with a BlackBerry Enterprise Server.

Default value
The default value is No. A BlackBerry Messenger user can register an email address with the BlackBerry Messenger server, even if the email address is not associated with a BlackBerry Enterprise Server.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.5
- BlackBerry Enterprise Server version 5.0 SP1

Disallow Forwarding of Contacts IT policy rule


Description
This rule specifies whether a BlackBerry device user can forward a BlackBerry Messenger contact to another user.

Default value
The default value is No. A BlackBerry device user can forward a BlackBerry Messenger contact to another user.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.6
- BlackBerry Enterprise Server version 4.1 SP6

Disallow Setting a Subject on Conversations IT policy rule


Description
This rule specifies whether a BlackBerry device user can type a subject for a BlackBerry Messenger conversation.

Default value
The default value is No. A BlackBerry device user can type a subject for a BlackBerry Messenger conversation.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.5
- BlackBerry Enterprise Server version 5.0 SP1

Enforce Security Question in BlackBerry Messenger Invitation IT policy rule


Description
This rule specifies whether a BlackBerry device can enforce a security question for invitations that the BlackBerry Messenger processes over channels that might not be highly secure (for example, in email messages).

Default value
The default value is No. A BlackBerry device does not enforce a security question for invitations that the BlackBerry Messenger processes.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.5
- BlackBerry Enterprise Server version 5.0 SP1

Messenger Audit Email Address IT policy rule


Description
This rule specifies the address that the BlackBerry device sends BlackBerry Messenger audit reports to.

Default value
The default value is a null value. BlackBerry Messenger turns off auditing and does not send reports.

Usage
Configure a value for this rule if you want to audit the use of BlackBerry Messenger in your organization.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 4.0 SP2

Messenger Audit Max Report Interval IT policy rule


Description
This rule specifies the maximum amount of time (in hours) that can elapse between BlackBerry Messenger audit reports that a BlackBerry device sends when there is no new data. The permitted range is 1 through 8736 hours.

Default value
The default value is 168 hours.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 4.0 SP2

Messenger Audit Report Interval IT policy rule


Description
This rule specifies the amount of time (in hours) that can elapse between BlackBerry Messenger audit reports that a BlackBerry device sends when there is new data. The permitted range is 1 through 8736 hours.

Default value
The default value is 24 hours.

Usage
Change this rule to a shorter interval to manage the BlackBerry device memory.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 4.0 SP2

Messenger Audit UID IT policy rule


Description
This rule specifies the unique identifier of the service book to use when a BlackBerry device sends BlackBerry Messenger audit reports.

Default value
The default value is a null value. The BlackBerry device uses the first available service that encrypts messages to send reports.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 4.0 SP2

BlackBerry Smart Card Reader policy group


For more information about using the BlackBerry Smart Card Reader with computers and BlackBerry devices, see the BlackBerry Enterprise Solution Security Technical Overview and the BlackBerry Smart Card Reader Security Technical Overview.

Disable Auto Reconnect To BlackBerry Smart Card Reader IT policy rule


Description
This rule specifies whether a previously connected computer or BlackBerry device can reconnect to a BlackBerry Smart Card Reader automatically. Turning off automatic reconnections is designed to increase the life of the BlackBerry device battery.

Default value
The default value is a null value.

Usage
Select the Disable Auto Reconnect On BlackBerry option to prevent a BlackBerry device from reconnecting automatically to a BlackBerry Smart Card Reader. Select the Disable Auto Reconnect On PC option to prevent a computer from reconnecting automatically to a BlackBerry Smart Card Reader.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.0
- BlackBerry Enterprise Server version 4.0 SP7
- BlackBerry Smart Card Reader software version 1.5.1

Force Erase All Keys on BlackBerry Disconnected Timeout IT policy rule


Description
This rule specifies whether the secure pairing keys for connections between a computer or a BlackBerry device and the BlackBerry Smart Card Reader are deleted after the connection closes.

Default value
The default value is No. The secure pairing keys are not deleted from the BlackBerry device or the computer.

Usage
If you change this rule to Yes, a user cannot change this feature on a BlackBerry device.

Dependencies
A BlackBerry device uses this rule only if you configure the Maximum BlackBerry Disconnect Timeout IT policy rule.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.0
- BlackBerry Enterprise Server version 4.0 SP5
- BlackBerry Smart Card Reader software version 1.5

Force Erase Key on PC Standby IT policy rule


Description
This rule specifies whether the computer deletes the secure pairing key and closes the connection to the BlackBerry Smart Card Reader when the computer goes into standby mode.

Default value
The default value is No.

Usage
The user can configure this feature on the computer. If you change this rule to Yes, the user cannot turn off this feature on the computer.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP7 BlackBerry Smart Card Reader software version 1.5.1

Maximum BlackBerry Bluetooth Traffic Inactivity Timeout IT policy rule


Description
This rule specifies the maximum time (in minutes) of inactivity that is permitted between a BlackBerry Smart Card Reader and a BlackBerry device before the secure pairing information is deleted from the BlackBerry device and the BlackBerry Smart Card Reader. The permitted range is 1 through 10,080 minutes. Activity is any secure packet that is sent or received by a BlackBerry device and a BlackBerry Smart Card Reader over a Bluetooth connection, other than the connection heartbeat packet.

Default value
The default value is a null value. The secure pairing information is not deleted from the BlackBerry device.

Usage
If you configure this rule, the user cannot turn off this feature but can change the Inactivity Timeout field on the BlackBerry device to a lower value. If you do not configure this rule, the user can change the Inactivity Timeout field to any value.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP2 BlackBerry Smart Card Reader software version 1.5.1

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Maximum BlackBerry Disconnected Timeout IT policy rule


Description
This rule specifies the maximum time (in seconds) of inactivity after the Bluetooth connection between a BlackBerry device and a BlackBerry Smart Card Reader closes that the disconnected timeout expires. The permitted range is 0 through 604,800 seconds.

Default value
The default value is a null value. The secure pairing information is not deleted from the BlackBerry device.

Usage
If you configure this rule, the user cannot turn off this feature but can change the Disconnected Timeout field on a BlackBerry device to a lower value. If you do not configure this rule, the user can change the Disconnected Timeout value to any value.

Dependencies
The value of this rule affects how a BlackBerry device uses the Force Erase All Keys on BlackBerry Disconnected Timeout IT policy rule, if you configure that rule to Yes.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP2 BlackBerry Smart Card Reader software version 1.5

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Maximum BlackBerry Long Term Timeout IT policy rule


Description
This rule specifies the maximum time (in hours) that can elapse after a BlackBerry device and a BlackBerry Smart Card Reader establish secure pairing information before the BlackBerry device and the BlackBerry Smart Card Reader delete the secure pairing information. The permitted range is 1 through 720 hours.

Default value
The default value is a null value.

Usage
If you configure this rule, the user cannot turn off this feature but can change the Long Term Timeout field on a BlackBerry device to a lower value. If you do not configure this rule, the user can change the Long Term Timeout field to any value.

Dependencies
This rule is related to the Maximum BlackBerry Bluetooth Traffic Inactivity Timeout IT policy rule.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP2 BlackBerry Smart Card Reader software version 1.5.1

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Maximum Bluetooth Encryption Key Regeneration Period IT policy rule


Description
This rule specifies the length of time (in hours) that can elapse after a BlackBerry Smart Card Reader regenerates a Bluetooth encryption key if a BlackBerry device or computer is connected to a BlackBerry Smart Card Reader. If the BlackBerry device or computer is not connected to the BlackBerry Smart Card Reader, the BlackBerry Smart Card Reader regenerates the encryption key when the BlackBerry device or computer reconnects to the BlackBerry Smart Card Reader. The permitted range is 1 through 720 hours.

Default value
The default value is a null value.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP7 BlackBerry Smart Card Reader software version 1.5.1

Maximum Bluetooth Range IT policy rule


Description
This rule specifies the maximum power range that a BlackBerry Smart Card Reader uses to send Bluetooth packets. The permitted range is 30% through 100%.

Default value
The default value is 100%.

Usage
Configure a lower power range for a BlackBerry device or a computer to communicate with a BlackBerry Smart Card Reader over a shorter distance.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP3 BlackBerry Smart Card Reader software version 1.0

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Maximum Connection Heartbeat Period IT policy rule


Description
This rule specifies the maximum connection heartbeat period (in seconds). During each heartbeat period, a paired BlackBerry device or computer sends a heartbeat which the BlackBerry Smart Card Reader acknowledges. If either side fails to send or acknowledge a heartbeat in the maximum heartbeat period, the BlackBerry device or computer closes the Bluetooth connection. The permitted range is 60 through 3600 seconds.
Note: If the disconnected timer is turned on, it starts when the connection closes. A BlackBerry device or computer deletes the secure pairing keys when the disconnected timeout expires.

Default value
The default value is a null value. The heartbeat period is turned off.

Usage
Use this rule to prevent an attacker from using a low-level Bluetooth heartbeat period to keep a Bluetooth connection between a BlackBerry device or computer and a BlackBerry Smart Card Reader open and the secure pairing keys present. If you configure this rule, the user cannot turn off the heartbeat period but can change the Connection Heartbeat Period field on a BlackBerry device or a computer to a lower value. If you do not configure this rule, the user can change the Connection Heartbeat Period field to any value. If you configure a low value, such as 1, 2, or 5 minutes, Bluetooth traffic increases. The increased traffic might affect the battery power level of the BlackBerry device and BlackBerry Smart Card Reader.

Dependencies
You can use the Maximum BlackBerry Disconnected Timeout and Maximum PC Disconnected Timeout rules to specify the BlackBerry device and the computer disconnected timers.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP2 BlackBerry Smart Card Reader software version 1.0

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Maximum Number of BlackBerry Transactions IT policy rule


Description
This rule specifies the maximum number of smart card-related transactions that can occur between a BlackBerry device and a BlackBerry Smart Card Reader before the secure pairing information is deleted from the BlackBerry device. The permitted range is 100 through 10,000 transactions. A transaction is any set of request and response packets other than the connection heartbeat packet.

Default value
The default value is a null value. The secure pairing information is not deleted from the BlackBerry device.

Usage
If you configure this rule, the user cannot stop the secure pairing information from being deleted but can change the Number of Transactions field on a BlackBerry device to a lower value. If you do not configure this rule, the user can change the Number of Transactions field to any value.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP2 BlackBerry Smart Card Reader software version 1.5

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Maximum Number of PC Pairings IT policy rule


Description
This rule specifies the maximum number of computers that can pair with a BlackBerry Smart Card Reader. The permitted range is 0 through 65,535 computers.

Default value
The default value is a null value.

Usage
If you configure this rule while computers are paired with a BlackBerry Smart Card Reader and more than the maximum number of computers are connected, the BlackBerry Smart Card Reader closes connections with the last computers to pair.

Minimum requirements
BlackBerry Enterprise Server version 4.0 SP5 BlackBerry Smart Card Reader software version 1.5

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Maximum Number of PC Transactions IT policy rule


Description
This rule specifies the maximum number of smart card-related transactions that can occur between a computer and a BlackBerry Smart Card Reader before the secure pairing information is deleted from the computer and the BlackBerry Smart Card Reader. The permitted range is 100 through 10,000 transactions. A transaction is any set of request and response packets other than the connection heartbeat packet.

Default value
The default value is a null value.

Usage
If you configure this rule, the user cannot stop the secure pairing information from being deleted, but can change the Number of Transactions field in the BlackBerry Smart Card Reader options on a computer to a lower value. If you do not configure this rule, the user can change the Number of Transactions field to any value.

Minimum requirements
BlackBerry Enterprise Server version 4.0 SP5 BlackBerry Smart Card Reader software version 1.5

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Maximum PC Bluetooth Traffic Inactivity Timeout IT policy rule


Description
This rule specifies the maximum time (in minutes) of inactivity that is permitted between a BlackBerry Smart Card Reader and a computer before the secure pairing information is deleted from the computer and the BlackBerry Smart Card Reader. The permitted range is 1 through 10,080 minutes. Activity is any secure packet that is sent or received by a BlackBerry device and a BlackBerry Smart Card Reader over a Bluetooth connection, other than the connection heartbeat packet.

Default value
The default value is a null value. The secure pairing information is not deleted from the computer.

Usage
If you configure this rule, the user cannot turn off this feature but can change the Inactivity Timeout field in the BlackBerry Smart Card Reader options on the computer to a lower value. If you do not configure this rule, the user can change the Inactivity Timeout field to any value.

Minimum requirements
BlackBerry Enterprise Server version 4.0 SP5 BlackBerry Smart Card Reader software version 1.5

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Maximum PC Disconnected Timeout IT policy rule


Description
This rule specifies the maximum time (in seconds) that can elapse after a computer and a BlackBerry Smart Card Reader close a Bluetooth connection before the secure pairing information for that connection is deleted from the computer and BlackBerry Smart Card Reader. The permitted range is 0 through 604,800 seconds.

Default value
The default value is a null value.

Usage
If you configure this rule, the user cannot turn off this feature but can change the Disconnected Timeout field in the BlackBerry Smart Card Reader options on a computer to a lower value. If you do not configure this rule, the user can change the Disconnected Timeout field to any value.

Minimum requirements
BlackBerry Enterprise Server version 4.0 SP5 BlackBerry Smart Card Reader software version 1.5

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Maximum PC Long Term Timeout IT policy rule


Description
This rule specifies the maximum time (in hours) that can elapse after a computer and a BlackBerry Smart Card Reader establish secure pairing information before the computer and BlackBerry Smart Card Reader delete the secure pairing information. The permitted range is 1 through 720 hours.

Default value
The default value is a null value.

Usage
If you configure this rule, the user cannot turn off this feature but can change the Long Term Timeout field in the BlackBerry Smart Card Reader options on a computer to a lower value. If you do not configure this rule, the user can change the Long Term Timeout field to any value.

Dependencies
This rule is related to the Maximum PC Bluetooth Traffic Inactivity Timeout IT policy rule.

Minimum requirements
BlackBerry Enterprise Server version 4.0 SP5 BlackBerry Smart Card Reader software version 1.5

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Maximum Smart Card Not Present Timeout IT policy rule


Description
This rule specifies the maximum time (in seconds) that can elapse after a user removes a smart card from a BlackBerry Smart Card Reader before the secure pairing information is deleted from the BlackBerry device and BlackBerry Smart Card Reader. The permitted range is 0 through 86,400 seconds.

Default value
The default value is a null value. The secure pairing information is not deleted from the BlackBerry device.

Usage
If you configure this rule, the user can change the Card Not Present Timeout value on the BlackBerry device to any value. If you do not configure this rule, the user cannot turn off this feature but can change the Card Not Present Timeout field to a lower value.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP2 BlackBerry Smart Card Reader software version 1.5

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Minimum PIN Entry Mode IT policy rule


Description
This rule specifies the minimum PIN entry mode that is required when a user pairs a BlackBerry Smart Card Reader with a BlackBerry device or computer. The BlackBerry Enterprise Server enforces the minimum PIN entry mode when a user types the user authenticator password (smart card PIN) during the Bluetooth pairing process and secure pairing process.

Default value
The default value is Numeric.

Usage
Configure this rule to Alphanumeric Lowercase to enforce a user authenticator password that includes both numeric and lower case alphabetic characters. Configure this rule to Alphanumeric Mixed Case to enforce a user authenticator password that includes numeric characters and both upper case and lower case alphabetic characters.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0 BlackBerry Smart Card Reader version 2.0
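
The permitted ranges and dependencies listed for the rules in this policy group can be checked mechanically before a policy is assigned. The following Python check is an added example, not part of the guide or of any BlackBerry tool; the dictionary layout, the function names and the sample policy are assumptions made for illustration, while the rule names and ranges are taken from the descriptions above.

```python
"""Lint a BlackBerry Smart Card Reader policy group configuration (added example)."""

# Permitted ranges as stated in the rule descriptions above: (min, max, unit).
RANGES = {
    "Maximum BlackBerry Bluetooth Traffic Inactivity Timeout": (1, 10080, "minutes"),
    "Maximum BlackBerry Disconnected Timeout": (0, 604800, "seconds"),
    "Maximum BlackBerry Long Term Timeout": (1, 720, "hours"),
    "Maximum Bluetooth Encryption Key Regeneration Period": (1, 720, "hours"),
    "Maximum Bluetooth Range": (30, 100, "%"),
    "Maximum Connection Heartbeat Period": (60, 3600, "seconds"),
    "Maximum Number of BlackBerry Transactions": (100, 10000, "transactions"),
    "Maximum Number of PC Pairings": (0, 65535, "computers"),
    "Maximum Number of PC Transactions": (100, 10000, "transactions"),
    "Maximum PC Bluetooth Traffic Inactivity Timeout": (1, 10080, "minutes"),
    "Maximum PC Disconnected Timeout": (0, 604800, "seconds"),
    "Maximum PC Long Term Timeout": (1, 720, "hours"),
    "Maximum Smart Card Not Present Timeout": (0, 86400, "seconds"),
}

FORCE_ERASE = "Force Erase All Keys on BlackBerry Disconnected Timeout"
BB_DISCONNECTED = "Maximum BlackBerry Disconnected Timeout"
PC_DISCONNECTED = "Maximum PC Disconnected Timeout"
HEARTBEAT = "Maximum Connection Heartbeat Period"
YES_NO_RULES = {FORCE_ERASE, "Force Erase Key on PC Standby"}


def lint(policy):
    """Return findings for a {rule name: value} mapping (assumed layout).

    None models the guide's "null value", that is, a rule left unconfigured.
    """
    findings = []
    for name, value in policy.items():
        if value is None:
            continue
        if name in RANGES:
            low, high, unit = RANGES[name]
            # bool is a subclass of int in Python, so reject it explicitly.
            if isinstance(value, bool) or not isinstance(value, int):
                findings.append(f"{name}: {value!r} is not an integer ({unit})")
            elif not low <= value <= high:
                findings.append(f"{name}: {value} is outside {low}-{high} {unit}")
        elif name in YES_NO_RULES:
            if value not in ("Yes", "No"):
                findings.append(f"{name}: expected Yes or No")
        else:
            # Catches misspelled rule names as well as rules from other groups.
            findings.append(f"{name}: not a rule covered by this check")

    # Dependency: the device uses the Force Erase rule only if the
    # Maximum BlackBerry Disconnected Timeout rule is configured.
    if policy.get(FORCE_ERASE) == "Yes" and policy.get(BB_DISCONNECTED) is None:
        findings.append(f"{FORCE_ERASE}: ignored until {BB_DISCONNECTED} is configured")

    # A missed heartbeat closes the connection; the keys are deleted only when
    # a disconnected timeout expires. With both timeouts null, that deadline
    # is whatever the user chose, not something the policy enforces.
    if (policy.get(HEARTBEAT) is not None
            and policy.get(BB_DISCONNECTED) is None
            and policy.get(PC_DISCONNECTED) is None):
        findings.append(f"{HEARTBEAT}: no disconnected timeout is enforced by policy")
    return findings


def effective_value(policy_max, user_value):
    """Value in force for a rule whose Usage text lets the user lower the field.

    Configured rule: the user cannot turn the feature off (None) and cannot
    exceed the maximum. Null rule: the user's own setting applies unchanged.
    """
    if policy_max is None:
        return user_value
    if user_value is None:
        return policy_max
    return min(policy_max, user_value)


# Constructed sample policy, not taken from a real deployment.
SAMPLE_POLICY = {
    HEARTBEAT: 30,                          # below the 60 second minimum
    "Maximum BlackBerry Long Term Timeout": 720,
    "Maximum Bluetooth Range": 50,
    FORCE_ERASE: "Yes",
    BB_DISCONNECTED: None,                  # null value
    PC_DISCONNECTED: None,                  # null value
}

if __name__ == "__main__":
    for finding in lint(SAMPLE_POLICY):
        print(finding)
```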

BlackBerry Unite! policy group


Disable Download Manager IT policy rule


Description
This rule specifies whether to prevent the Download Manager for the BlackBerry Unite! software from running on a BlackBerry device.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.2 BlackBerry Enterprise Server version 4.1 SP6

Disable Unite! Applications IT policy rule


Description
This rule specifies whether to prevent applications for the BlackBerry Unite! software from running on a BlackBerry device.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.2 BlackBerry Enterprise Server version 4.1 SP6

Bluetooth policy group


For more information about Bluetooth security on BlackBerry devices, see the BlackBerry Enterprise Solution Security Technical Overview and Security for BlackBerry Devices with Bluetooth Wireless Technology.

Allow Outgoing Calls IT policy rule


Description
This rule specifies whether a user can place outgoing calls from a BlackBerry device using Bluetooth technology.

Default value
The default value is Always.

Usage
Configure this rule to Always, Never, or Only when the BlackBerry device is unlocked.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.2 BlackBerry Enterprise Server version 4.0 SP1

Disable Address Book Transfer IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device from exchanging address book data with a supported Bluetooth enabled device.

Default values
The default value in the Advanced security and Advanced Security with No 3rd Party Applications IT policies is Yes. A BlackBerry device cannot exchange address book data using Bluetooth technology. The default value in all other preconfigured IT policies is No.

Usage
Change this rule to Yes to turn off the ability to exchange address book data using Bluetooth technology.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP3

Disable Advanced Audio Distribution Profile IT policy rule


Description
This rule specifies whether a Bluetooth enabled BlackBerry device can use the Bluetooth A2DP.

Default value
The default value is No.

Usage
Change this rule to Yes to turn off the ability to stream audio using Bluetooth technology.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.2 BlackBerry Enterprise Server version 4.1 SP4

Disable Audio/Video Remote Control Profile IT policy rule


Description
This rule specifies whether a Bluetooth enabled BlackBerry device can use the Bluetooth AVRCP.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.2 BlackBerry Enterprise Server version 4.1 SP4

Disable Bluetooth IT policy rule


Description
This rule specifies whether support for Bluetooth technology on a BlackBerry device is turned off.

Default value
The default value is No.

Usage
If Bluetooth technology is turned on when a BlackBerry device receives this rule, the user must reset the BlackBerry device for the change to take effect.

Minimum requirements
Java based BlackBerry device BlackBerry Connect version 4.0 BlackBerry Device Software version 3.8 BlackBerry Enterprise Server version 4.0

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 and later.

Disable Desktop Connectivity IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device from using Bluetooth technology to connect to the BlackBerry Desktop Software.

Default value
The default value is Yes.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP3

Disable Dial-Up Networking IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device from using the Bluetooth DUN profile.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6

Disable Discoverable Mode IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device user from making a BlackBerry device discoverable. A BlackBerry device that is discoverable can be found by other Bluetooth enabled devices within range of the BlackBerry device.

Default values
The default value in the Default and Basic password security IT policies is No. The default value in all other preconfigured IT policies is Yes.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.2 BlackBerry Enterprise Server version 4.0 SP2

Disable File Transfer IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device from exchanging files with supported Bluetooth OBEX devices.

Default values
The default value in the Advanced security and Advanced Security with No 3rd Party Applications IT policies is Yes. The default value in all other preconfigured IT policies is No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6

Disable Handsfree Profile IT policy rule


Description
This rule specifies whether a BlackBerry device can use the Bluetooth HFP.

Default value
The default value is No.

Usage
A BlackBerry device uses the Bluetooth HFP to connect to most car kits and some headsets.

Minimum requirements
Java based BlackBerry device BlackBerry Connect version 4.0 BlackBerry Device Software version 3.8 BlackBerry Enterprise Server version 4.0

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 and later.

Disable Headset Profile IT policy rule


Description
This rule specifies whether a BlackBerry device can use the Bluetooth HSP.

Default value
The default value is No.

Usage
A BlackBerry device uses the Bluetooth HSP to connect to most headsets and some car kits.

Minimum requirements
Java based BlackBerry device BlackBerry Connect version 4.0 BlackBerry Device Software version 3.8 BlackBerry Enterprise Server version 4.0

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 and later.

Disable Pairing IT policy rule


Description
This rule specifies whether a BlackBerry device can pair with a Bluetooth enabled device.

Default value
The default value is No.

Usage
After a BlackBerry device pairs with a supported Bluetooth enabled device, you can use this rule to prevent the BlackBerry device from pairing with other Bluetooth enabled devices.

Minimum requirements
Java based BlackBerry device BlackBerry Connect version 4.0 BlackBerry Device Software version 3.8 BlackBerry Enterprise Server version 4.0

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 and later.

Disable Serial Port Profile IT policy rule


Description
This rule specifies whether a BlackBerry device can use the Bluetooth SPP.

Default values
The default value in the Advanced security and Advanced Security with No 3rd Party Applications IT policies is Yes. The default value in all other preconfigured IT policies is No.

Usage
A BlackBerry device uses the Bluetooth SPP to establish a serial connection between the BlackBerry device and a Bluetooth enabled device that uses a serial port interface.

Minimum requirements
Java based BlackBerry device BlackBerry Connect version 4.0 BlackBerry Device Software version 3.8 BlackBerry Enterprise Server version 4.0

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 and later.

Disable SIM Access Profile IT policy rule


Description
This rule specifies whether to prevent a Bluetooth enabled BlackBerry device from using the Bluetooth SIM Access Profile, which might be required when a car kit initiates dialing.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.6 BlackBerry Enterprise Server version 4.1 SP6

Disable Wireless Bypass IT policy rule


Description
This rule specifies whether a BlackBerry device can use wireless bypass using Bluetooth technology.

Default value
The default value is Yes.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP3

Force CHAP Authentication on Bluetooth Link IT policy rule


Description
This rule specifies whether a BlackBerry device must use CHAP authentication to connect to a computer using a Bluetooth serial connection.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Desktop Software version 4.2.2 BlackBerry Device Software version 4.2.2 BlackBerry Enterprise Server version 4.1 SP4

Limit Discoverable Time IT policy rule


Description
This rule specifies whether a BlackBerry device user can configure the Bluetooth discoverable mode option so that the option does not have a time limit.

Default value
The default value is No.

Usage
Change this rule to Yes to permit a user to set the Bluetooth discoverable mode option to use a time limit of 2 minutes or to turn off Bluetooth discoverable mode.

Dependencies
A BlackBerry device uses this rule only if you configure the Disable Discoverable Mode IT policy rule to No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP5

Minimum Encryption Key Length IT policy rule


Description
This rule specifies the minimum encryption key length (in bytes) that a BlackBerry device uses to encrypt Bluetooth connections. The permitted range is 1 through 16 bytes.

Default value
The default value is 1 byte.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP5

Require Encryption IT policy rule


Description
This rule specifies whether a BlackBerry device uses Bluetooth encryption for all connections.

Default value
The default value is No.

Usage
If you change this rule to Yes to require Bluetooth encryption for all connections, you might restrict compatibility with some Bluetooth enabled devices.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP4

Require LED Connection Indicator IT policy rule


Description
This rule specifies whether the LED must flash when a BlackBerry device is connected to a Bluetooth enabled device.

Default values
The default value in the Advanced security and Advanced Security with No 3rd Party Applications IT policies is Yes. The default value in all other preconfigured IT policies is No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6

Require Password for Discoverable Mode IT policy rule


Description
This rule specifies whether a user must type the BlackBerry device password before the BlackBerry device can be discovered by Bluetooth enabled devices.

Default value
The default value is No.

Dependencies
A BlackBerry device uses this rule only if the Password Required IT policy rule is configured to Yes.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP3

Require Password for Enabling Bluetooth Support IT policy rule


Description
This rule specifies whether a user must type the BlackBerry device password to turn on Bluetooth technology.

Default value
The default value is No.

Dependencies
A BlackBerry device uses this rule only if the Password Required IT policy rule is configured to Yes.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP3

Browser policy group


The rules in the Browser policy group apply to all browser configurations on the BlackBerry device.

Allow Application Download Services IT policy rule


Description
This rule specifies whether application download service icons appear on a BlackBerry device when the wireless service provider assigns a service to the BlackBerry device and the appropriate service books are present on the BlackBerry device.

Default value
The default value is Yes.

Usage
Change this rule to No to hide all application download service icons.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.3 BlackBerry Enterprise Server version 4.1 SP5

Allow Hotspot Browser IT policy rule


Description
This rule specifies whether a Wi-Fi enabled BlackBerry device can access a hotspot browser.

Default value
The default value is Allow.

Usage
Change this rule to Disallow to prevent a Wi-Fi enabled BlackBerry device from accessing a hotspot browser. Change this rule to Only for Hotspot Login to permit access only for the purpose of authenticating to the hotspot.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.6 BlackBerry Enterprise Server version 4.1 SP6

Allow IBS Browser IT policy rule


Description
This rule specifies whether a BlackBerry Internet Service Browsing icon appears on a BlackBerry device if the appropriate service books are present for BlackBerry Internet Service Browsing.

Default value
The default value is Yes.

Usage
Change this rule to No to hide the BlackBerry Internet Service Browsing icon.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

Disable Auto Synchronization in Browser IT policy rule


Description
This rule specifies whether to prevent a user from configuring intervals for automatic synchronization of the bookmark list in the BlackBerry Browser.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6

Disable JavaScript in Browser IT policy rule


Description
This rule specifies whether to permit the execution of JavaScript code on a BlackBerry device.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0

Download Images URL IT policy rule


Description
This rule specifies a web address that provides additional pictures for a BlackBerry device.

Default value
The default value is a null value.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 SP3 BlackBerry Device Software version 4.1

Download Themes URL IT policy rule


Description
This rule specifies a web address that provides additional themes for a BlackBerry device.

Default value
The default value is a null value.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP3

Download Tunes URL IT policy rule


Description
This rule specifies a web address that provides additional ring tones for a BlackBerry device.

Default value
The default value is a null value.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP3

MDS Browser BSM Enabled IT policy rule


Description
This rule specifies whether the browser session manager is turned on in the BlackBerry Browser.

Default value
The default value is Yes.

Usage
The browser session manager is designed to improve BlackBerry Browser performance by helping the BlackBerry MDS Connection Service use the BlackBerry Browser cache.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Device Software version 4.0.2 BlackBerry Enterprise Server version 4.0 SP2

MDS Browser Domains IT policy rule


Description
This rule specifies a list of web addresses that a BlackBerry device retrieves using the BlackBerry Browser. Separate multiple web addresses with a comma.

Default value
The default value is a null value.

Usage
This rule supports the use of wildcard characters. If you want to permit the BlackBerry Browser to retrieve sub-domains of a web address, prefix the domain with a period. For example, type ".yahoo.ca" to permit the BlackBerry Browser to retrieve all sub-domains of yahoo.ca (such as mail.yahoo.ca, www.yahoo.ca).

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
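
The following Python sketch is an added example, not code from the BlackBerry Enterprise Server. It models the matching that the Usage text describes for the MDS Browser Domains value, so that a list can be checked before it is deployed. It assumes that an entry with a leading period matches sub-domains only (not the bare domain) and that an entry without one matches that host exactly; the function names and sample hosts are constructed.

```python
from urllib.parse import urlsplit


def parse_domain_rule(rule_value):
    """Split the comma-separated rule value into exact hosts and sub-domain suffixes."""
    exact, suffixes = set(), set()
    for entry in (rule_value or "").split(","):
        entry = entry.strip().lower().rstrip(".")
        if not entry:
            continue
        if entry.startswith("."):
            # Keep the leading period: it forces a match on a label boundary,
            # so ".yahoo.ca" can never match "evilyahoo.ca".
            suffixes.add(entry)
        else:
            exact.add(entry)
    return exact, suffixes


def host_of(url_or_host):
    """Return the lowercase host of a web address, or of a bare host name."""
    if "://" in url_or_host:
        # urlsplit discards userinfo, port and path, so the text in front of
        # an "@" is never mistaken for the host.
        host = urlsplit(url_or_host).hostname
    else:
        host = url_or_host
    return host.lower().rstrip(".") if host else None


def matching_entry(url_or_host, rule_value):
    """Return the list entry that covers the host, or None if no entry does."""
    host = host_of(url_or_host)
    if not host:
        return None
    exact, suffixes = parse_domain_rule(rule_value)
    if host in exact:
        return host
    # Try the longest suffix first so the most specific entry is reported.
    for suffix in sorted(suffixes, key=len, reverse=True):
        if host.endswith(suffix) and len(host) > len(suffix):
            return suffix
    return None


if __name__ == "__main__":
    rule = ".yahoo.ca, intranet.example.com"  # constructed rule value
    for candidate in ("http://mail.yahoo.ca/inbox", "yahoo.ca", "evilyahoo.ca",
                      "http://mail.yahoo.ca.other.example/",
                      "http://www.yahoo.ca@other.example/"):
        print(candidate, "->", matching_entry(candidate, rule))
```
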

MDS Browser HTML Tables Enabled IT policy rule


Description
This rule specifies whether support for HTML tables in the BlackBerry Browser is turned on.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Device Software version 4.0.2 BlackBerry Enterprise Server version 4.0 SP2

MDS Browser JavaScript Enabled IT policy rule


Description
This rule specifies whether JavaScript in the BlackBerry Browser is turned on.

Default value
The default value is No.

Usage
Change this rule to Yes to render web pages that use JavaScript correctly.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Device Software version 4.0.2 BlackBerry Enterprise Server version 4.0 SP2

MDS Browser Style Sheets Enabled IT policy rule


Description
This rule specifies whether style sheets in the BlackBerry Browser are turned on.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Device Software version 4.0.2 BlackBerry Enterprise Server version 4.0 SP2

MDS Browser Title IT policy rule


Description
This rule specifies the name for the BlackBerry Browser icon that appears on the Home screen.

Default value
The default value is BlackBerry Browser.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Device Software version 3.6 BlackBerry Enterprise Server for Microsoft Exchange version 3.6 BlackBerry Enterprise Server for IBM Lotus Domino and Novell GroupWise version 4.0

MDS Browser Use Separate Icon IT policy rule


Description
This rule specifies whether an icon for the BlackBerry Browser appears on the Home screen of the BlackBerry device.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6

Camera policy group


Disable Photo Camera IT policy rule


Description
This rule specifies whether the camera is available on a BlackBerry device.

Default value
The default value is No. The camera is available on the BlackBerry device.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6

Disable Video Camera IT policy rule


Description
This rule specifies whether the video camera feature on a BlackBerry device is turned on.

Default value
The default value is No. The video camera is available on the BlackBerry device.

Usage
Change this rule to Yes to turn off the video camera feature.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.3 BlackBerry Enterprise Server version 4.1 SP5

Certification Authority Profile policy group


The rules in the Certification Authority Profile policy group are used to create a certification authority profile for wireless certificate requests. The previous name of this policy group was Certificate Authority Profile policy group.

Allow Private Key Export IT policy rule


Description
This rule specifies whether to prevent a user from exporting private keys that are included in the certification authority profile. A user can export private keys using the BlackBerry Desktop Manager to back up BlackBerry device data or to synchronize certificates.

Default value
The default value is No.

Usage
If you change this rule to Yes, a user can restore the private keys to the same BlackBerry device only, not to another BlackBerry device. A BlackBerry device encrypts the private key using a key that is specific to the BlackBerry device.

Dependencies
A BlackBerry device uses this rule only if the Disable Key Store Backup rule is configured to No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

Certificate Enrollment Delay IT policy rule


Description
This rule specifies the time (in hours) that a BlackBerry device can wait before it initiates the certificate enrollment process. The BlackBerry device selects a time randomly within this specified time period to start the certificate enrollment process so that the BlackBerry Enterprise Server does not receive many certificate enrollment requests at one time. The permitted range is 0 through 24 hours.

Default value
The default value is 1 hour.

Usage
If the initial certificate enrollment process does not complete, a BlackBerry device uses this rule to specify a retry time for the enrollment process.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

Certificate Expiry Window IT policy rule


Description
This rule specifies the number of days before a certificate expires that a BlackBerry device generates a new certificate enrollment request to replace the expiring certificate. The permitted range is 1 through 30 days.

Default value
The default value is 7 days.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

Certification Authority Host IT policy rule


Description
This rule specifies the name of the certification authority server that is required in the certification authority profile (for example, http://<server>.<domain>). The previous name of this rule was Certificate Authority Host.

Default value
The default value is a null value.

Usage
Accepted values are uppercase and lowercase alphabetical characters, periods (.), forward slashes (/), and hyphens (-).

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

Certification Authority Port IT policy rule


Description
This rule specifies the port number that the BlackBerry MDS Connection Service can use to connect to the certification authority. The permitted range is 0 through 65535. The previous name of this rule was Certificate Authority Port.

Default value
The default value is 80 (port 80).

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

Certification Authority Profile Name IT policy rule


Description
This rule specifies a name for the certification authority profile that a BlackBerry device requires for certificate enrollment requests over a wireless network. The permitted range is 0 through 32 characters. The previous name of this rule was Certificate Authority Profile Name.

Default value
The default value is a null value.

Usage
If you change this rule after the BlackBerry Enterprise Server sends the certification authority profile to a BlackBerry device, and you resend the IT policy, the BlackBerry device restarts the certificate enrollment process.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

Certification Authority Profile Required IT policy rule


Description
This rule specifies whether the certificate enrollment process is required for a BlackBerry device. The previous name of this rule was Certificate Authority Profile Required.

Default value
The default value is Yes. The BlackBerry device enrolls the certificate without any user interaction after the BlackBerry Enterprise Server pushes the IT policy to the BlackBerry device. The user cannot delete the certificate.

Usage
If you change this rule to No, the certification authority profile is optional, and the BlackBerry device starts the certificate enrollment process automatically after the BlackBerry Enterprise Server pushes the IT policy to the BlackBerry device. The user can cancel the enrollment process when the BlackBerry device requests the user's credentials. If the user cancels the enrollment process, the BlackBerry device does not add the certificate to the key store. The certification authority might still issue the certificate to the BlackBerry device, and the BlackBerry MDS Connection Service might still retrieve the certificate, but the BlackBerry device does not store the certificate in the key store.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

Certification Authority Type IT policy rule


Description
This rule specifies the type of certification authority that the BlackBerry MDS Connection Service can access in your organization's environment. The options are Microsoft Enterprise certification authority, Microsoft stand-alone certification authority, and RSA certification authority. The previous name of this rule was Certificate Authority Type.

Default value
The default certification authority type is Microsoft Enterprise.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

Common Name Components IT policy rule


Description
This rule specifies the information that appears in the common name of the certificate that the certification authority issues to a user. The options are User Name, BlackBerry Device PIN, and Local Email Address.

Default value
The default value is User Name and BlackBerry Device PIN.

Usage
If you select the Local Email Address option, the certification authority adds the user name from the email address to the common name, but not the at sign (@) or domain information.

Dependency
If you change the Certification Authority Type rule to Microsoft Enterprise certification authority, and the Microsoft certification authority uses a template to build the subject name of the certificate from the Microsoft Active Directory, a BlackBerry device does not use this rule.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

Custom Microsoft Certification Authority Certificate Template IT policy rule


Description
This rule specifies a custom certificate template for the Microsoft enterprise certification authority. The previous name of this rule was Custom Microsoft Certificate Authority Certificate Template.

Default value
The default value is a null value.

Usage
You must use the exact value that the administrator for the certification authority configures for the Microsoft enterprise certification authority.

Dependencies
If you configure this rule, a BlackBerry device does not use the Microsoft Certification Authority Certificate Template rule. A BlackBerry device uses this rule only if the Certification Authority Type rule is configured to Microsoft Enterprise.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

Distinguished Name Components IT policy rule


Description
This rule specifies, in a comma delimited list, the components that must appear in the distinguished name of the certificate (for example, C=Country, O=Organization, OU=Organizational Unit).

Default value
The default value is a null value.

Usage
A BlackBerry device accepts certificates only if the email address in the distinguished name of the certificate matches an email address on a BlackBerry device. Supported values are the following: C=<Country>, L=<Locality>, O=<Organization>, OU=<Organizational_unit>, and ST=<State_or_Province>.

Dependencies
If you change the Certification Authority Type rule to Microsoft Enterprise, and the Microsoft certification authority uses a template to build the subject name of the certificate from the Microsoft Active Directory, a BlackBerry device does not use this rule.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

Key Algorithm IT policy rule


Description
This rule specifies the algorithm that a BlackBerry device uses to generate a public-private key pair.

Default value
The default value is RSA algorithm.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

Key Length IT policy rule


Description
This rule specifies the key size (in bits) that a BlackBerry device generates. The permitted range is 512 through 16,384 bits.

Default value
The default value is 1024 bits.

Usage
If you change the Key Algorithm rule to RSA, you must configure the key size to be a multiple of 64. If you change the Key Algorithm rule to DSA, you must configure the key size to be 512, 768, or 1024 bits. If you configure an unsupported key size, a BlackBerry device chooses the next strongest key size and generates the key.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

Microsoft Certification Authority Certificate Template IT policy rule


Description
This rule specifies the certificate template that the Microsoft Enterprise certification authority uses to create a certificate. The template options are Authenticated Session, Smart Card User, and User certificate. The previous name of this rule was Microsoft Certificate Authority Certificate Template.

Default value
The default value is User certificate template.

Dependencies
If you configure the Certification Authority Type rule to Microsoft Stand-alone or RSA, a BlackBerry device does not use this rule.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

RSA Certification Authority Certificate ID IT policy rule


Description
This rule specifies the MD5 certificate ID that is assigned to the RSA certification authority. The previous name of this rule was RSA Certificate Authority Certificate ID.

Default value
The default value is a null value.

Usage
You must map this value to the MD5 certificate ID (for example, 2094a3d152b66fb45ea69501970511f9) that the administrator of the RSA certification authority provides.

Dependencies
A BlackBerry device uses this rule only if you change the Certification Authority Type IT policy rule to RSA.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

RSA Jurisdiction ID IT policy rule


Description
This rule specifies the unique domain ID that you assign to the RSA certification authority.

Default value
The default value is a null value.

Usage
This value maps to the jurisdiction ID (for example, 15c128ec4b2a798c09427072efeddb5d96aa4664) that the administrator of the RSA certification authority provides.

Dependencies
A BlackBerry device uses this rule only if you configure the Certification Authority Type IT policy rule to RSA.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
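
The following Python sketch is an added example, not part of the BlackBerry Enterprise Server. It checks a set of Certification Authority Profile values against the permitted ranges and dependencies stated in the rule descriptions above and reports the key size that a device would generate. It assumes that "next strongest" means the next larger supported size; the 2048-bit review threshold, the function names and the sample values are the example's own.

```python
RANGES = {  # permitted ranges as stated in the rule descriptions
    "Certificate Enrollment Delay": (0, 24),      # hours
    "Certificate Expiry Window": (1, 30),         # days
    "Certification Authority Port": (0, 65535),
    "Key Length": (512, 16384),                   # bits
}
DSA_SIZES = (512, 768, 1024)
REVIEW_BITS = 2048  # assumption: reviewer's own threshold, not from the guide


def effective_key_length(algorithm, bits):
    """Key size the device would generate for a requested size.

    Assumption: "next strongest" means the next larger supported size.
    Returns None when no listed size is at least as large as `bits`.
    """
    if algorithm == "RSA":
        return -(-bits // 64) * 64  # round up to a multiple of 64
    if algorithm == "DSA":
        return next((size for size in DSA_SIZES if size >= bits), None)
    raise ValueError("unknown Key Algorithm value: %r" % (algorithm,))


def lint_profile(p):
    """Return (rule, message) findings for a dict of rule name -> value."""
    out = []
    for rule, (low, high) in RANGES.items():
        value = p.get(rule)
        if value is not None and not low <= value <= high:
            out.append((rule, "%d is outside the permitted range %d-%d"
                        % (value, low, high)))
    if len(p.get("Certification Authority Profile Name") or "") > 32:
        out.append(("Certification Authority Profile Name",
                    "longer than 32 characters"))

    # Key Length: report the size the device would actually generate.
    algorithm = p.get("Key Algorithm") or "RSA"   # default stated in the guide
    bits = p.get("Key Length")
    if bits is None:
        bits = 1024                               # default stated in the guide
    low, high = RANGES["Key Length"]
    if low <= bits <= high:
        actual = effective_key_length(algorithm, bits)
        if actual is None:
            out.append(("Key Length", "no listed %s size is as large as %d bits"
                        % (algorithm, bits)))
        else:
            if actual != bits:
                out.append(("Key Length", "%d bits is unsupported for %s; "
                            "the device would generate %d bits"
                            % (bits, algorithm, actual)))
            if actual < REVIEW_BITS:
                out.append(("Key Length", "%d-bit %s key is below the %d-bit "
                            "review threshold" % (actual, algorithm, REVIEW_BITS)))

    # Dependencies: rules that the device does not use for this combination.
    ca_type = p.get("Certification Authority Type") or "Microsoft Enterprise"
    ms_template = "Microsoft Certification Authority Certificate Template"
    custom = "Custom " + ms_template
    if p.get(custom):
        if ca_type != "Microsoft Enterprise":
            out.append((custom, "not used: Certification Authority Type is "
                        + ca_type))
        elif p.get(ms_template):
            out.append((ms_template, "not used: a custom template is configured"))
    if p.get(ms_template) and ca_type in ("Microsoft Stand-alone", "RSA"):
        out.append((ms_template, "not used: Certification Authority Type is "
                    + ca_type))
    for rule in ("RSA Certification Authority Certificate ID",
                 "RSA Jurisdiction ID"):
        if p.get(rule) and ca_type != "RSA":
            out.append((rule, "not used: Certification Authority Type is not RSA"))
    if p.get("Allow Private Key Export") and p.get("Disable Key Store Backup") != "No":
        out.append(("Allow Private Key Export",
                    "not used: Disable Key Store Backup is not No"))
    return out


SAMPLE = {  # constructed values for illustration
    "Certification Authority Type": "RSA",
    "Certification Authority Port": 80,
    "Certificate Enrollment Delay": 48,
    "Certificate Expiry Window": 7,
    "Key Algorithm": "RSA",
    "Key Length": 1000,
    "Microsoft Certification Authority Certificate Template": "User certificate",
    "RSA Jurisdiction ID": "<jurisdiction-id>",
    "Allow Private Key Export": "Yes",
    "Disable Key Store Backup": "Yes",
}

if __name__ == "__main__":
    for rule, message in lint_profile(SAMPLE):
        print("%s: %s" % (rule, message))
```
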

Certificate Synchronization policy group


The rules in the Certificate Synchronization policy group apply to the certificate search and retrieval features of the S/MIME Support Package for BlackBerry Smartphones.

Random Source URL IT policy rule


Description
This rule specifies a web address that produces random data (for example, a web site for a white noise machine). If the S/MIME Support Package for BlackBerry Smartphones version 4.0 or later is installed on a BlackBerry device, the certificate synchronization tool of the BlackBerry Desktop Manager can use the web address to retrieve random data to add to a BlackBerry device.

Default value
The default value is a null value.

Minimum requirements
S/MIME Support Package for BlackBerry Smartphones version 4.0 BlackBerry Application Suite version 1.0 BlackBerry Desktop Software version 4.0 BlackBerry Enterprise Server version 4.0

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

User Can Disable Automatic RNG Initialization IT policy rule


Description
This rule specifies whether a user can stop the BlackBerry Desktop Software from starting the random number generator on a BlackBerry device automatically.

Default setting
The default value is Yes.

Minimum requirements
BlackBerry Desktop Software version 4.3 BlackBerry Enterprise Server version 4.1 SP5

Common policy group


IT policy rules in the Common policy group apply to BlackBerry device owner information and to MMS.

BlackBerry Server version IT policy rule


Description
This rule specifies the BlackBerry Enterprise Server version number that the BlackBerry Enterprise Server sends to a BlackBerry device. Note: Where applicable, if you do not configure this rule, a BlackBerry device uses the settings that the application control policy rules specify, or the software configurations that the BlackBerry device configuration tool defines. If application control data does not exist, by default the BlackBerry device opens internal and external connections through the firewall.

Default value
The default value is a null value.

Usage
Configure this rule to 4.0 to support application control features. This rule is obsolete in BlackBerry Enterprise Server version 4.1 and later.

Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.7 Java based BlackBerry device that is running BlackBerry Device Software version 4.0 BlackBerry Connect version 4.0 BlackBerry Enterprise Server version 4.0 and earlier

Confirm On Send IT policy rule


Description
This rule specifies whether users must confirm before they send an email message, PIN message, SMS text message, or MMS message.

Default value
The default value is a null value.

Usage
Use this rule to create a customized confirmation message.

Minimum requirements
Java based BlackBerry device that is running BlackBerry Device Software version 4.0 C++ based BlackBerry device that is running BlackBerry Device Software version 2.7 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Enterprise Server version 4.0

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices.

Disable Kodiak PTT IT policy rule


Description
This rule specifies whether a BlackBerry device user can use Kodiak PTT on a supported BlackBerry device.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6

Disable MMS IT policy rule


Description
This rule specifies whether a BlackBerry device user can send and receive MMS messages.

Default value
The default value is No.

Usage
Change this rule to Yes to prevent security risks that are associated with sending and receiving MMS messages. For more information, see the BlackBerry Enterprise Solution Security Technical Overview.

Dependencies
To block incoming MMS messages, in the Security policy group, configure the Firewall Block Incoming Messages IT policy rule.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 4.0.2 BlackBerry Enterprise Server version 4.0

Disable Voice-Activated Dialing IT policy rule


Description
This rule specifies whether voice dialing is available on a BlackBerry device.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6

Disable Voice Note Recording IT policy rule


Description
This rule specifies whether the voice note recording feature on a BlackBerry device is turned on.

Default value
The default value is No.

Usage
Change this rule to Yes to turn off the voice note recording feature and to prevent applications on a BlackBerry device from accessing this feature.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.3 BlackBerry Enterprise Server version 4.1 SP5

Enable Simultaneous Phone and Data IT policy rule


Description
This rule specifies whether a BlackBerry device user can send and receive data during a phone call.

Default value
The default value is a null value.

Usage
Change this rule to 0 to prevent phone calls and data use from occurring at the same time on the BlackBerry device. Change this rule to 1 to allow phone calls and data use to occur at the same time on the BlackBerry device. Change this rule to 2 to allow data use during a phone call if the phone application runs in the background on the BlackBerry device.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.6 BlackBerry Enterprise Server version 4.1 SP6

IT Policy Notification IT policy rule


Description
This rule specifies whether warnings about IT policy changes appear to a BlackBerry device user.

Default value
The default value is No.

Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.7 Java based BlackBerry device that is running BlackBerry Device Software version 4.0 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Enterprise Server version 4.0

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices.

Lock Owner Info IT policy rule


Description
This rule specifies whether a user can change the owner information for a BlackBerry device. You can lock the Information field, the Name field, or both fields.

Default value
The default value is a null value.

Usage
Configure this rule to Lock Information text that is defined using the Set Owner Info IT policy rule. Configure this rule to Lock Name text that is defined using the Set Owner Name IT policy rule. Configure this rule to Lock both Name and Information text that is defined using the Set Owner Info and Set Owner Name IT policy rules. You can overwrite this information by sending the Set Owner Information IT administration command to a BlackBerry device.

Dependencies
The Lock Owner Info IT policy rule is related to the Set Owner Info and Set Owner Name IT policy rules.

Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.7 Java based BlackBerry device that is running BlackBerry Device Software version 4.0 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Enterprise Server version 4.0

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices.

Set Owner Info IT policy rule


Description
This rule specifies the owner information that appears on a BlackBerry device.

Default value
The default value is a null value.

Usage
You can overwrite this information by sending the Set Owner Information IT administration command to a BlackBerry device.

Dependencies
The Set Owner Info IT policy rule is related to the Lock Owner Info IT policy rule.

Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.7 Java based BlackBerry device that is running BlackBerry Device Software version 4.0 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Enterprise Server version 4.0

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices.

Set Owner Name IT policy rule


Description
This rule specifies the owner name that appears on a BlackBerry device.

Default value
The default value is a null value.

Usage
You can overwrite this information by sending the Set Owner Information IT administration command to a BlackBerry device.

Dependencies
The Set Owner Name IT policy rule is related to the Lock Owner Info IT policy rule.

Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.7 Java based BlackBerry device that is running BlackBerry Device Software version 4.0 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Enterprise Server version 4.0

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices.

Date and Time IT policy group


IT policy rules in the Date and Time IT policy group apply to the date and time on a BlackBerry device, including the synchronization of time zone information.

Automatic Time Zone Change Detection IT policy rule


Description
This rule specifies whether a BlackBerry device can update the time zone setting automatically based on the information that it receives from the wireless network. For example, if a user travels to a different time zone, by default, the BlackBerry device prompts to update the time zone settings on the BlackBerry device.

Default value
The default value is Prompt. The BlackBerry device prompts the BlackBerry device user to update the time zone setting.

Usage
Change this rule to On so that the BlackBerry device updates changes to the time zone setting automatically.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0 SP1

Enable Time Zone Definitions Update IT policy rule


Description
This rule specifies whether a BlackBerry device can update time zone definitions over the wireless network after a user requests a time zone definitions update.

Default value
The default value is No. A BlackBerry device cannot update time zone definitions after a user requests a time zone definitions update.

Usage
Change this rule to Yes to allow the BlackBerry device to update time zone definitions over the wireless network.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0 SP1

Periodic Time Synchronization IT policy rule


Description
This rule specifies whether a BlackBerry device can automatically synchronize its real-time clock with a time source on the wireless network.

Default value
The default value is Yes. A BlackBerry device can synchronize its clock automatically.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 4.1 SP7

Time Zone Definitions Automatic Update Interval IT policy rule


Description
This rule specifies the length of time (in days) between automatic updates of time zone definitions on a BlackBerry device.

Default value
The default value is 0 (days). Automatic updates are turned off.

Usage
Specify a value for this rule to turn on automatic updates of time zone definitions on a BlackBerry device so that they occur at a specific interval. The permitted range between automatic updates is 1 to 365 days.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0 SP1

Time Zone Definitions Update Server IT policy rule


Description
This rule specifies the FQDN of the web server that a BlackBerry device can retrieve time zone definitions updates from.

Default value
The default value is a null value.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0 SP1

Desktop policy group


Allow BlackBerry Desktop Software Statistics IT policy rule


Description
This rule specifies whether the BlackBerry Desktop Software can send statistical information to Research In Motion when a BlackBerry device is connected to a computer.

Default value
The default value is Yes. The BlackBerry Desktop Software can send statistical information when a BlackBerry device is connected to a computer.

Minimum requirements
BlackBerry Desktop Software version 5.0 BlackBerry Enterprise Server version 4.1 SP7

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Allow External Device Software Servers IT policy rule


Description
This rule specifies whether the BlackBerry Device Software can receive updates from software servers that are hosted outside your organization.

Default value
The default value is No. The BlackBerry Device Software cannot receive updates from software servers that an external organization hosts.

Minimum requirements
BlackBerry Desktop Software version 4.7 BlackBerry Enterprise Server version 4.1 SP7

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Allow Personal Folder Reconciliation IT policy rule


Description
This rule specifies whether a BlackBerry device can synchronize email messages in personal folders over a serial connection or USB connection.

Default value
The default value is Yes. A BlackBerry device can synchronize email messages in personal folders over a serial connection or USB connection.

Minimum requirements
BlackBerry Desktop Software version 4.7 BlackBerry Enterprise Server version 4.1 SP7

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Desktop Allow Desktop Add-ins IT policy rule


Description
This rule specifies whether the BlackBerry Desktop Software can run add-in applications, such as third-party COM-based extensions that access BlackBerry device databases during synchronization.

Default value
The default value is Yes.

Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Desktop Software version 3.6 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange or BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Desktop Allow Device Switch IT policy rule


Description
This rule specifies whether BlackBerry Desktop Software users or BlackBerry Web Desktop Manager users can switch BlackBerry devices.

Default value
The default value is Yes.

Usage
Change this rule to No to prevent users from switching to an unapproved BlackBerry device. The Enterprise Service Policy overrides this rule. For more information about using the Enterprise Service Policy, see the BlackBerry Enterprise Solution Security Technical Overview.

Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.

Desktop Password Cache Timeout IT policy rule


Description
This rule specifies the length of time (in minutes) that the BlackBerry Desktop Software or BlackBerry Web Desktop Manager caches the BlackBerry device password in memory. The permitted range is 0 through 720 minutes.

Default value
The default value is 10 minutes.

Usage
If you change this rule to 0, a BlackBerry device clears the password from memory when a user disconnects the BlackBerry device from a computer, regardless of the length of time that the BlackBerry device was connected.

Dependencies
A BlackBerry device uses this rule only if you configure the Password Required IT policy rule to Yes.

Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.

Disable Check For Updates Link IT policy rule


Description
This rule specifies whether the Check for updates link in the BlackBerry Desktop Manager is available.

Default value
The default value is No.

Minimum requirements
BlackBerry Desktop Software version 4.5 BlackBerry Enterprise Server version 4.1 SP5

Disable Media Manager IT policy rule


Description
This rule specifies whether the media manager tool of the BlackBerry Desktop Manager is available.

Default value
The default value is No.

Usage
Change this rule to Yes to prevent a user from accessing a media card using the media manager tool.

Minimum requirements
BlackBerry Connect version 4.0 (internal) BlackBerry Desktop Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Disable Media Synchronization IT policy rule


Description
This rule specifies whether BlackBerry Media Sync is available in the BlackBerry Desktop Manager.

Default value
The default value is No.

Minimum requirements
BlackBerry Desktop Software version 4.6 BlackBerry Enterprise Server version 4.1 SP6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Generate Encrypted Backup Files IT policy rule


Description
This rule specifies whether a BlackBerry device creates encrypted backup files.

Default value
The default value is No. A BlackBerry device does not create encrypted backup files.

Minimum requirements
BlackBerry Desktop Software version 4.7.1 BlackBerry Enterprise Server version 4.1 SP7

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Override Check For Updates URL IT policy rule


Description
This rule specifies the destination web address for the Check for updates link in the BlackBerry Desktop Manager.

Default value
The default value is a null value.

Minimum requirements
BlackBerry Desktop Software version 4.5 BlackBerry Enterprise Server version 4.1 SP5

Device IOT Application policy group


Device Diagnostic App Disable IT policy rule
Description
This rule specifies whether to prevent a user from sending diagnostic reports from a BlackBerry device.

Default value
The default value is No.

Minimum requirements
BlackBerry Application Suite version 1.0 Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6

Set Diagnostic Report Email Address IT policy rule


Description
This rule specifies one or more email addresses that should receive diagnostic reports. Separate multiple email addresses with a comma (,).

Default value
The default value is a null value.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6

Set Diagnostic Report PIN Address IT policy rule


Description
This rule specifies one or more PINs that should receive diagnostic reports. Separate multiple PINs with a comma (,).

Default value
The default value is a null value.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6

Documents To Go policy group


Disable Documents To Go IT policy rule
Description
This rule specifies whether a user can open files or attachments using the DataViz Documents to Go application on a BlackBerry device.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 with the DataViz Documents to Go application installed BlackBerry Enterprise Server version 4.1 SP5

Hide Documents To Go Communication Menus IT policy rule


Description
This rule specifies whether a user can register the Documents to Go application with DataViz, check for software updates from DataViz, and use the premium edition of the DataViz Documents to Go application on a BlackBerry device.

Default value
The default value is No.

Dependencies
If you configure the Disable Documents To Go IT policy rule to Yes, the BlackBerry device ignores this rule.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 with the DataViz Documents to Go application installed BlackBerry Enterprise Server version 4.1 SP5

Hide Documents To Go Premium Feature Menus IT policy rule


Description
This rule specifies whether to hide the premium features of the DataViz Documents to Go application that are not available on a BlackBerry device that is running the standard edition of the Documents to Go application.

Default value
The default value is No.

Dependencies
If you configure the Disable Documents To Go IT policy rule to Yes, the BlackBerry device ignores this rule.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 with the DataViz Documents to Go application installed BlackBerry Enterprise Server version 4.1 SP5

Email Messaging policy group


The rules in the Email Messaging policy group apply to wireless message reconciliation and attachment viewing.

Allow Auto Attachment Download IT policy rule


Description
This rule specifies whether a BlackBerry device automatically downloads supported attachments from email messages that it receives.

Default value
The default value is No. A BlackBerry device does not automatically download attachments from email messages.

Usage
If you change this rule to Yes, and the BlackBerry Attachment Service is connected to the BlackBerry Enterprise Server using the BlackBerry Attachment Connector, a BlackBerry device downloads attachments automatically.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6

Attachment Viewing IT policy rule


Description
This rule specifies whether a BlackBerry device user can view supported attachments in messages and calendar entries.

Default value
The default value is Yes.

Usage
A BlackBerry device can use this rule if the BlackBerry Attachment Service is connected to the BlackBerry Enterprise Server using the BlackBerry Attachment Connector. Changing this rule to No does not prevent a user from downloading or viewing native attachments on a BlackBerry device.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 4.2 for messages and version 5.0 for calendar entries BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Confirm External Image Download IT policy rule


Description
This rule specifies whether a BlackBerry device displays a confirmation dialog box when a BlackBerry device user clicks the Get Images link in an HTML-formatted email message.

Default value
The default value is No.

Usage
The message that the confirmation dialog box displays informs users that they might expose their email addresses if they download an image from the Internet. If you change this rule to Yes, BlackBerry device users must verify whether they want to download an image each time they click the Get Images link in an HTML-formatted email message.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

Disable Form Submission IT policy rule


Description
This rule specifies whether a BlackBerry device user can send email messages that include embedded forms.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP5

Disable Manual Download of External Images IT policy rule


Description
This rule specifies whether a BlackBerry device user can manually request to view URL-referenced content (such as pictures) that is embedded in email messages.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP5

Disable Notes Native Encryption Forward And Reply IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device user from forwarding and replying to received IBM Lotus Domino encrypted email messages from a BlackBerry device. By default, a BlackBerry device user with support for reading IBM Lotus Domino encrypted email messages on a BlackBerry device can forward or reply to encrypted email messages that were received, decrypted, and decompressed on the BlackBerry device. The BlackBerry Messaging Agent for IBM Lotus Domino decrypts email messages before a BlackBerry device sends email messages to the recipient as plain text. For more information about reading IBM Lotus Domino encrypted email messages on a BlackBerry device, see the BlackBerry Enterprise Solution Security Technical Overview.

Default value
The default value is No. A BlackBerry device user can forward or reply to IBM Lotus Domino encrypted email messages that were received, decrypted, and decompressed on the BlackBerry device.

Usage
If you change this rule to Yes, a BlackBerry device user cannot forward or reply to received IBM Lotus Domino encrypted email messages on the BlackBerry device.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Disable Rich Content Email IT policy rule


Description
This rule specifies whether a BlackBerry device can receive email messages in rich text or HTML format.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP5

Enable Wireless Message Reconciliation IT policy rule


Description
This rule specifies whether a BlackBerry device supports wireless email reconciliation. When a user moves or deletes email messages on a BlackBerry device or in the email application on a computer, or marks messages as opened or unopened, the BlackBerry Messaging Agent reconciles the changes over the wireless network.

Default value
The default value is Yes.

Usage
If you configure this rule to Yes, or if it is not a part of the IT policy that you assigned to a user, by default, wireless email reconciliation is turned on for both the BlackBerry device and BlackBerry Enterprise Server.

Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.6 Java based BlackBerry device that is running BlackBerry Device Software version 3.6 BlackBerry Application Suite version 1.0 BlackBerry Connect version 1.2, 2.0, 2.1, or 4.0 (internal) BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.

Inline Content Requests IT policy rule


Description
This rule specifies whether a BlackBerry device user can send messages with inline content and view inline content automatically in messages received on the BlackBerry device.

Default value
The default value is Automatic Allowed.

Usage
If you change this rule to Manual Only, a BlackBerry device user can continue to request inline content in messages manually.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP5

Keep Message Duration IT policy rule


Description
This rule specifies the maximum time (in days) that a BlackBerry device keeps messages. The permitted range is -1 through 180 days.

Default value
The default value is -1. A BlackBerry device keeps messages indefinitely.

Usage
Configure this rule to 0 or -1 to keep messages on a BlackBerry device indefinitely.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6

Keep Saved Message Duration IT policy rule


Description
This rule specifies the maximum time (in days) that a BlackBerry device keeps saved messages. The permitted range is -1 through 180 days.

Default value
The default value is -1. A BlackBerry device keeps messages indefinitely.

Usage
Configure this rule to 0 or -1 to keep saved messages on a BlackBerry device indefinitely. Configure this rule to -2 to delete saved messages and turn off the ability to save messages on a BlackBerry device that is running BlackBerry Device Software version 4.5 or later.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6

Maximum Native Attachment MFH attachment size IT policy rule


Description
This rule specifies the maximum size (in bytes) of a standard attachment that can be uploaded from a BlackBerry device. The permitted range is 0 through 3 MB.

Default value
The default value is 3 MB.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6

Maximum Native Attachment MFH total attachment size IT policy rule


Description
This rule specifies the total size (in bytes) of all standard attachments that can be uploaded from a BlackBerry device. The permitted range is 0 through 5 MB.

Default value
The default value is 5 MB.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6

Maximum Native Attachment MTH attachment size IT policy rule


Description
This rule specifies the maximum size (in KB) of a single standard attachment that a user can download to a BlackBerry device. The permitted range is 0 through 1,048,576 KB.

Default value
The default value is 10,240 KB.

Usage
Change this rule to 0 to turn off the ability to download standard attachments on a BlackBerry device.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP5

Notes Native Encryption Password Timeout IT policy rule


Description
This rule specifies the maximum length of time (in minutes) that a BlackBerry device stores the IBM Lotus Notes .id password that a user types. The permitted range is -1 through 32,767.

Default value
The default value is -1, which indefinitely stores the password that the user types.

Usage
Change this rule to 0 to never store the password that a user types on a BlackBerry device. If you do this, you should also prevent the BlackBerry Enterprise Server from storing a copy of the password by default. For more information on changing the BlackBerry Enterprise Server default behavior, visit www.blackberry.com/support to read Prevent the BlackBerry Enterprise Server from storing the password for decrypting IBM Lotus Notes-encrypted messages.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.3 BlackBerry Enterprise Server version 4.1 SP5

Prepend Disclaimer IT policy rule


Description
This rule specifies the disclaimer that appears at the beginning of all email messages that a user sends from a BlackBerry device.

Default value
The default value is a null value.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.1.2 BlackBerry Enterprise Server version 4.0 SP5

Require Notes Native Encryption For Outgoing Messages IT policy rule


Description
This rule specifies whether a user can send messages using IBM Lotus Notes encryption.

Default value
The default value is No.

Usage
Change this rule to Yes to permit a user to send messages using IBM Lotus Notes encryption. If necessary, the BlackBerry device prompts a user for the IBM Lotus Notes encryption passwords. A BlackBerry device does not perform IBM Lotus Notes encryption itself; it configures sent messages for IBM Lotus Notes encryption by the BlackBerry Enterprise Server. This rule does not affect messages sent from a BlackBerry device using email services that do not support IBM Lotus Notes encryption.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

Enterprise Voice Client policy group


Disable DTMF Fallback IT policy rule
Description
This rule specifies whether a BlackBerry device can use the DTMF call format for outgoing calls if the outgoing calls using a protocol format fail because of inadequate wireless coverage levels. The DTMF call format uses weaker authentication than the protocol call format.

Default value
The default value is No.

Usage
Change this rule to Yes to prevent outgoing calls if the protocol format cannot be used.

Minimum requirements
Java based BlackBerry device BlackBerry Enterprise Server version 4.1 SP4

Disable Enterprise Voice Client IT policy rule


Description
This rule specifies whether enterprise voice is available on a BlackBerry device.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Enterprise Server version 4.1 SP4

Lock Outgoing Line IT policy rule


Description
This rule specifies whether to prevent using the enterprise voice number for outgoing calls.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Enterprise Server version 4.1 SP4

Reject Non-Enterprise Voice Calls IT policy rule


Description
This rule specifies whether the BlackBerry device accepts incoming calls only if they are sent through the BlackBerry Enterprise Server.

Default value
The default value is No.

Usage
This rule is obsolete in BlackBerry Enterprise Server versions 4.1 SP4 and later.

Minimum requirements
Java based BlackBerry device BlackBerry Enterprise Server version 4.1 SP4

External Display policy group


Display Notification Details IT policy rule
Description
This rule specifies when notifications appear on the external display of BlackBerry Pearl 8220 and BlackBerry 8210 smartphones.

Default value
The default value is Always.

Usage
Change this rule to Never to never display notification messages on the external display.

Minimum requirements
Java based BlackBerry Pearl 8220 device Java based BlackBerry 8210 device BlackBerry Device Software version 4.6 BlackBerry Enterprise Server version 4.1 SP6

Include Message Text in Notification Details IT policy rule


Description
This rule specifies whether preview text for notifications appears on the external display of BlackBerry Pearl 8220 and BlackBerry 8210 smartphones.

Default value
The default value is No.

Dependencies
A BlackBerry device uses this rule only if the Display Notification Details IT policy rule is configured to Only when unlocked or Always.

Minimum requirements
Java based BlackBerry Pearl 8220 device Java based BlackBerry 8210 device BlackBerry Device Software version 4.6 BlackBerry Enterprise Server version 4.1 SP6

Firewall policy group


Restrict Incoming Cellular Calls IT policy rule
Description
This rule specifies whether a BlackBerry device firewall blocks calls that a user receives unless the calls use a fixed dialing pattern. This rule does not affect emergency calls.

Default value
The default value is a null value.

Usage
Type one or more fixed dialing patterns (for example, specific dialing numbers, or a set of dialing numbers with the same prefix) separated by a semi-colon (;). To receive calls from numbers that are preceded by 1 or +1 only, type +1...;1... To deny receiving calls using a specific pattern, append r to that pattern. For example, type 011...r to deny receiving calls in the format 011xxxxxxxxxx. To indicate that all other patterns are denied, type r in the pattern list. For example, to receive calls from the number 519-555-1234 only, type +15195551234;15195551234;5195551234;r.

Dependencies
BlackBerry device users must subscribe to caller ID to use this rule.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.3 BlackBerry Enterprise Server version 4.1 SP5

Restrict Outgoing Cellular Calls IT policy rule


Description
This rule specifies whether a BlackBerry device firewall blocks calls that a user makes unless the calls use a fixed dialing pattern. This rule does not affect emergency calls.

Default value
The default value is a null value.

Usage
Type one or more fixed dialing patterns (for example, specific dialing numbers, or a set of dialing numbers with the same prefix) separated by a semi-colon (;). To make calls to numbers that are preceded by 1 or +1 only, type +1...;1... To deny making calls using a specific pattern, append r to that pattern. For example, type 011...r to deny making calls in the format 011xxxxxxxxxx. To indicate that all other patterns are denied, type r in the pattern list. For example, to make calls to the number 519-555-1234 only, type +15195551234;15195551234;5195551234;r.

Dependencies
A BlackBerry device user must subscribe to caller ID to use this rule.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.3 BlackBerry Enterprise Server version 4.1 SP5
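
The pattern-list syntax described for the Restrict Incoming Cellular Calls and Restrict Outgoing Cellular Calls IT policy rules can be checked before a value is assigned to users. The following Python linter is an added example, not part of this guide or of any BlackBerry product. It assumes that deny entries take precedence over allow entries, reports a number that no entry decides as "unspecified" rather than guessing device behavior, strips separators from numbers, and uses a constructed emergency-number set.

```python
"""Evaluate and lint a firewall dialing-pattern list (added example).

Assumptions, not taken from the guide: deny entries win over allow entries,
numbers are normalised by dropping spaces, hyphens, dots and parentheses,
and EMERGENCY is a constructed sample set.
"""
import re
from dataclasses import dataclass

EMERGENCY = frozenset({"911", "112"})      # constructed sample values
_BODY = re.compile(r"\+?\d+(\.\.\.)?")     # optional '+', digits, optional '...'


@dataclass(frozen=True)
class Entry:
    body: str      # digits with an optional leading '+'
    prefix: bool   # True when the pattern ended in '...'
    deny: bool     # True when the pattern ended in 'r'

    def matches(self, number: str) -> bool:
        return number.startswith(self.body) if self.prefix else number == self.body


def parse_policy(value):
    """Return (entries, deny_rest) for a ';'-separated rule value."""
    entries, deny_rest = [], False
    for token in (value or "").split(";"):
        token = token.strip()
        if not token:
            continue                       # null value or trailing ';'
        if token == "r":
            deny_rest = True               # bare r: all other patterns are denied
            continue
        deny = token.endswith("r")
        body = token[:-1] if deny else token
        if not _BODY.fullmatch(body):
            raise ValueError(f"malformed dialing pattern: {token!r}")
        prefix = body.endswith("...")
        entries.append(Entry(body[:-3] if prefix else body, prefix, deny))
    return entries, deny_rest


def normalise(number: str) -> str:
    """Drop separators so 519-555-1234 compares equal to 5195551234."""
    return re.sub(r"[\s\-().]", "", number)


def evaluate(value, number, emergency=EMERGENCY):
    """Return 'allow', 'deny' or 'unspecified' for one phone number."""
    number = normalise(number)
    if number in emergency:
        return "allow"                     # the rule does not affect emergency calls
    entries, deny_rest = parse_policy(value)
    hits = [e for e in entries if e.matches(number)]
    if any(e.deny for e in hits):
        return "deny"                      # assumption: deny beats allow
    if hits:
        return "allow"
    return "deny" if deny_rest else "unspecified"


def lint(value):
    """Return review warnings for a rule value before it is deployed."""
    entries, deny_rest = parse_policy(value)
    warnings = []
    if entries and not deny_rest:
        warnings.append("no bare 'r' entry: handling of unmatched numbers is implicit")
    for allow in (e for e in entries if not e.deny):
        for deny in (e for e in entries if e.deny):
            # An allow entry is fully covered when the deny entry matches its
            # body and is at least as broad (a prefix, or both are exact).
            if deny.matches(allow.body) and (deny.prefix or not allow.prefix):
                warnings.append(f"allow entry {allow.body!r} is shadowed by a deny entry")
    return warnings


if __name__ == "__main__":
    only = "+15195551234;15195551234;5195551234;r"   # example value from the guide
    for n in ("519-555-1234", "4165550000", "911"):  # constructed test numbers
        print(n, evaluate(only, n))
    print(lint("+1...;1..."))
```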

Instant Messaging policy group


Disable Address Book Lookup for Enterprise Messenger IT policy rule
Description
This rule specifies whether a BlackBerry device user can add a contact to a BlackBerry device by searching the contact list when the user uses a collaboration client (such as the BlackBerry Client for use with Microsoft Office Communications Server 2007).

Default value
The default value is No.

Usage
The contact list search can return an email address that a user cannot use to add a contact because the search does not return the correct SIP address. Change this rule to Yes to permit contact list searches.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.1 SP6

Disable Automatic Login IT policy rule


Description
This rule specifies whether a user can permit collaboration clients that were previously logged into a BlackBerry device to log back in automatically after the BlackBerry device restarts or enters a wireless coverage area again.

Default value
The default value is No. A BlackBerry device user can permit collaboration clients to log back in automatically when a connection is established again.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 5.0 SP1

Disable Broadcast Messages IT policy rule


Description
This rule specifies whether a user can broadcast email messages or PIN messages to multiple recipients from a BlackBerry device.

Default value
The default value is No. A user can broadcast messages to multiple recipients from a BlackBerry device.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 5.0 SP1

Disable Emailing Conversation IT policy rule


Description
This rule specifies whether a user can send an instant messaging conversation in an email message from a BlackBerry device.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.1 SP6

Disable Emoticons IT policy rule


Description
This rule specifies whether the collaboration client on a BlackBerry device displays graphical emoticons and allows a user to add emoticons to conversations.

Default value
The default value is No. The collaboration client on a BlackBerry device displays emoticons and makes them available in conversations.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 5.0 SP1

Disable Offline Messaging for Enterprise Messenger IT policy rule


Description
This rule specifies whether instant messaging that uses the collaboration client is turned off when the BlackBerry device is offline.

Default value
The default value is Yes. Instant messaging that uses the collaboration client is turned off when the BlackBerry device is offline.

Usage
If you change this rule to No, a BlackBerry device might require additional software to deliver messages when the BlackBerry device is offline.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 5.0 SP1

Disable Saving Conversation IT policy rule


Description
This rule specifies whether a user can save an instant messaging conversation to a BlackBerry device or a media card.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.1 SP6

Disallow File Transfer Types IT policy rule


Description
This rule specifies the types of files that a BlackBerry device user cannot send using an instant messaging application on a BlackBerry device.

Default value
The default value is a null value. The user can send all file types.

Usage
Specify the extensions of the disallowed file types in a comma-delimited format (for example, bat, exe, mp3) to prevent a user from sending specific file types. Configure this rule to "*" to prevent a user from sending any file type.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.1 SP6

Maximum File Transfer Size (MB) IT policy rule


Description
This rule specifies the maximum size (in bytes) of files that a collaboration client can send to an instant messaging server. The permitted range is 0 through 6 MB.

Default value
The default value is 6 MB.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 5.0 SP1

Location Based Services policy group


Allow Geolocation Service IT policy rule
Description
This rule specifies whether a BlackBerry device can use the geolocation service to identify the geographic location of a BlackBerry device user.

Default value
The default value is Yes.

Usage
Change this rule to No to turn off the geolocation service for a BlackBerry device.

Dependencies
This service is available only on BlackBerry devices that have internal GPS capability.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

Disable BlackBerry Maps IT policy rule


Description
This rule specifies whether the BlackBerry Maps feature is turned on.

Default value
The default value is No.

Minimum requirements
- BlackBerry Application Suite version 1.0
- BlackBerry Enterprise Server version 4.0 SP6

Enable Enterprise Location Tracking IT policy rule


Description
This rule specifies whether a BlackBerry device can use the GPS feature to report its location to the BlackBerry Enterprise Server regularly. A BlackBerry device user must click Yes when prompted to permit location tracking on a BlackBerry device.

Default value
The default value is No. The default interval is 15 minutes.

Usage
Change this rule to Yes to permit a BlackBerry device user to require that a BlackBerry device report its location to the BlackBerry Enterprise Server at regular intervals. You can use the Enterprise Location Tracking Interval IT policy rule to change the interval.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.2.2
- BlackBerry Enterprise Server version 4.1 SP3

Enterprise Location Tracking Interval IT policy rule


Description
This rule specifies the length of time (in minutes) between location reports sent by a BlackBerry device to the BlackBerry Enterprise Server. The permitted range is 15 through 60 minutes.

Default value
The default value is 15 minutes.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.2.2
- BlackBerry Enterprise Server version 4.1 SP3

Enterprise Location Tracking User Prompt Message IT policy rule


Description
This rule specifies the message that a BlackBerry device displays to notify a user that the BlackBerry Enterprise Server is tracking the location of the BlackBerry device.

Default value
The default value is "Your location is now being tracked at the server."

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.2.2
- BlackBerry Enterprise Server version 4.1 SP3

MDS Integration Service policy group


Allow Access to Multiple Domains IT policy rule
Description
This rule specifies whether to permit users to install a BlackBerry MDS Runtime Application that uses multiple web services on a BlackBerry device.

Default value
The default value is No.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.5
- BlackBerry Enterprise Server version 5.0
- BlackBerry Application Suite version 1.0

Allow Discovery By User IT policy rule


Description
This rule specifies whether to prevent a user from searching for and installing BlackBerry MDS Runtime Applications on a BlackBerry device.

Default value
The default value is Yes.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.5
- BlackBerry Enterprise Server version 5.0
- BlackBerry Application Suite version 1.0

Disable Activation With Public BlackBerry MDS Integration Service IT policy rule
Description
This rule specifies whether to prevent a BlackBerry device user from initiating a connection with the public BlackBerry MDS Integration Service.

Default value
The default value is No.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.2
- BlackBerry Enterprise Server version 4.1 SP2

Disable MDS Runtime IT policy rule


Description
This rule specifies whether the BlackBerry MDS Runtime is available on a BlackBerry device.

Default value
The default value is No.

Usage
Change this rule to Yes to prevent a user from activating the BlackBerry MDS Runtime.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.0
- BlackBerry Enterprise Server version 4.0 SP6

Disable User-Initiated Activation With Public BlackBerry MDS Integration Service IT policy rule
Description
This rule specifies whether to prevent a BlackBerry device user from initiating a connection with the BlackBerry MDS Integration Service.

Default value
The default value is No.

Usage
Change this rule to Yes to prevent a user from initiating the BlackBerry MDS Integration Service connection.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.2
- BlackBerry Enterprise Server version 4.0 SP6

Enable Access to Device Data for MDS Runtime 4.3.0 and earlier IT policy rule
Description
This rule specifies whether BlackBerry MDS Runtime version 4.3.0 and earlier can access the organizer data, interprocess communication, and phone on a BlackBerry device.

Default value
The default value is No.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.1.0
- BlackBerry Enterprise Server version 5.0

Lowest BlackBerry MDS Integration Service Security Version Allowed IT policy rule
Description
This rule specifies the lowest security version permitted for the BlackBerry MDS Integration Service.

Default value
The default value is 1.

Usage
Change this rule to 1 to permit a BlackBerry device that is running BlackBerry MDS Runtime version 1.1 or later to communicate with all versions of the BlackBerry MDS Integration Service. Change this rule to 2 to permit a BlackBerry device that is running BlackBerry MDS Runtime version 1.1 or later to communicate with BlackBerry MDS Integration Service version 4.1 SP2 or later only.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.2
- BlackBerry Enterprise Server version 4.0 SP6

Queue Limit for Inbound Application Messages IT policy rule


Description
This rule specifies the maximum number of incoming messages from BlackBerry MDS Runtime that can be queued locally on a BlackBerry device. The permitted range is 0 through 1000 messages.

Default value
The default value is 8 messages.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.5
- BlackBerry Enterprise Server version 5.0

Queue Limit for Outbound Application Messages IT policy rule


Description
This rule specifies the number of outgoing messages from BlackBerry MDS Runtime that can be queued locally on a BlackBerry device. The permitted range is 0 through 1000 messages.

Default value
The default value is 16 messages.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.5
- BlackBerry Enterprise Server version 5.0

Verify BlackBerry MDS Integration Service Certificate IT policy rule


Description
This rule specifies whether the BlackBerry MDS Runtime verifies the BlackBerry MDS Integration Service certificate.

Default value
The default value is No. The BlackBerry MDS Integration Service permits unauthenticated connections from a BlackBerry device that is running BlackBerry MDS Runtime version 1.1 or later.

Usage
If you change this rule to Yes, the BlackBerry MDS Integration Service does not permit unauthenticated connections from a BlackBerry device that is running BlackBerry MDS Runtime version 1.1 or later.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.2
- BlackBerry Enterprise Server version 4.0 SP6

Memory Cleaner policy group


For more information about cleaning the BlackBerry device memory, see the BlackBerry Enterprise Solution Security Technical Overview.

Force Memory Clean When Closed IT policy rule


Description
This rule specifies whether BlackBerry Pearl 8220 and BlackBerry 8210 smartphones run the memory cleaner application when the flip is closed.

Default value
The default value is No.

Minimum requirements
- Java based BlackBerry Pearl 8220 device
- Java based BlackBerry 8210 device
- BlackBerry Device Software version 4.6
- BlackBerry Enterprise Server version 4.1 SP6
- BlackBerry Application Suite version 1.0

Force Memory Clean When Holstered IT policy rule


Description
This rule specifies whether a BlackBerry device cleans its memory while in the BlackBerry device holster.

Default value
The default value is No.

Minimum requirements
- Java based BlackBerry device
- S/MIME Support Package for BlackBerry smartphones version 1.5
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 4.0 SP3

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Force Memory Clean When Idle IT policy rule


Description
This rule specifies whether a BlackBerry device cleans its memory during periods of user inactivity.

Default value
The default value is No.

Minimum requirements
- Java based BlackBerry device
- S/MIME Support Package for BlackBerry smartphones version 1.5
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 4.0 SP3

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Memory Cleaner Maximum Idle Time IT policy rule


Description
This rule specifies the maximum time (in minutes) that a BlackBerry device can be inactive before the BlackBerry device cleans its memory. The permitted range is 1 through 60 minutes.

Default value
The default value is 60 minutes.

Dependencies
A BlackBerry device uses this rule only if you configure the Force Memory Clean When Idle IT policy rule to Yes.

Minimum requirements
- Java based BlackBerry device
- S/MIME Support Package for BlackBerry smartphones version 1.5
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 4.0 SP3

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

On-Device Help policy group


On-Device Help Group Label IT policy rule
Description
This rule specifies a label to use for multiple links in the help on a BlackBerry device.

Default value
The default value is a null value.

Dependencies
Configure a group label if you specify multiple links using the On-Device Help Links IT policy rule.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.1
- BlackBerry Enterprise Server version 4.0 SP3

On-Device Help Links IT policy rule


Description
This rule specifies links to add to the index page of the help on a BlackBerry device.

Default value
The default value is a null value.

Usage
Specify links using the following format: <uri1|label1|>...<|urix|labelx>.

Dependencies
If you specify multiple links, you should also configure a label in the On-Device Help Group Label IT policy rule.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.1
- BlackBerry Enterprise Server version 4.0 SP3

Password policy group


A BlackBerry device uses the IT policy rules in the Password policy group only if, in the Device Only items, you configure the Password Required IT policy rule to Yes. For more information about using passwords on BlackBerry devices, see the BlackBerry Enterprise Solution Security Technical Overview.

Duress Notification Address IT policy rule


Description
This rule specifies the email address that is notified when users type their BlackBerry device passwords under duress. Users can indicate that they are unlocking their devices against their will by moving the first character of the password to the end. For example, if a BlackBerry device password is blackberry, the duress password is lackberryb. If you configure this rule, the maximum number of password attempts is reduced by half. Each time a user types a password to unlock a BlackBerry device, the BlackBerry device must verify whether the password is either the correct password or the duress password.

Default value
The default value is a null value.

Usage
Configure this rule to permit a user to notify you that a BlackBerry device might have been stolen. Instruct users how to use the duress password feature. To prevent an unlocked BlackBerry device that was stolen from receiving a response to the duress notification, the email address that you specify should be active and you should not configure an out-of-office reply for it.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 4.0
- BlackBerry Enterprise Server version 4.0
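
The duress check described in this rule, modelled in Python as an added illustration (not BlackBerry device code). The LockScreen class, the PBKDF2 storage, and rounding the halved attempt limit down are assumptions; the rule description only states that the first character moves to the end, that both forms are checked on every unlock, and that the attempt limit is reduced by half.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 20_000  # constructed value for the example


def duress_form(password):
    """First character moved to the end: 'blackberry' -> 'lackberryb'."""
    return password[1:] + password[:1]


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class LockScreen:
    """Hypothetical model of the unlock check with a duress address configured."""

    def __init__(self, password, configured_max_attempts=10, duress_address=None):
        if not 3 <= configured_max_attempts <= 10:
            raise ValueError("Set Maximum Password Attempts permits 3 through 10")
        self.salt = os.urandom(16)
        # Store digests of both forms so each unlock needs only one derivation.
        self.normal = _digest(password, self.salt)
        self.duress = _digest(duress_form(password), self.salt)
        self.duress_address = duress_address
        # A password made of one repeated character rotates onto itself,
        # so typing it can never signal duress.
        self.duress_distinguishable = duress_form(password) != password
        # Assumption: "reduced by half" is modelled with floor division.
        self.max_attempts = (
            configured_max_attempts // 2 if duress_address else configured_max_attempts
        )
        self.failed = 0
        self.wiped = False
        self.notifications = []  # stands in for the notification email

    def unlock(self, typed):
        if self.wiped:
            return "wiped"
        candidate = _digest(typed, self.salt)
        # Compare against both stored digests on every attempt, in constant time.
        is_normal = hmac.compare_digest(candidate, self.normal)
        is_duress = hmac.compare_digest(candidate, self.duress)
        if is_normal:
            self.failed = 0
            return "unlocked"
        if is_duress and self.duress_address:
            # The device still unlocks; the notification is sent silently.
            self.failed = 0
            self.notifications.append(self.duress_address)
            return "unlocked-duress"
        self.failed += 1
        if self.failed >= self.max_attempts:
            self.wiped = True
            return "wiped"
        return "rejected"


if __name__ == "__main__":
    screen = LockScreen("blackberry", 10, "soc@example.com")  # constructed address
    print(screen.max_attempts, screen.unlock("lackberryb"), screen.notifications)
```

A password policy that permits a single repeated character (for example "aaaa") leaves those users without a usable duress password, which is worth checking when the rule is deployed.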

Forbidden Passwords IT policy rule


Description
This rule specifies the passwords that a BlackBerry device user cannot use. Separate multiple passwords with a comma (,).

Default value
The default value is a null value.

Usage
By default, a BlackBerry device prevents a user from configuring passwords that use a natural sequence of characters or numbers. The BlackBerry device also automatically prevents common letter substitutions. For example, if you include "password" in the forbidden passwords list, users cannot use "p@ssw0rd", "pa$zword", or "password123" on the BlackBerry device.

Dependencies
A BlackBerry device uses this rule only if the Password Required rule is configured to Yes.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.1
- BlackBerry Enterprise Server version 4.0 SP2

Maximum Password History IT policy rule


Description
This rule specifies the maximum number of previous passwords that a BlackBerry device checks new passwords against to prevent a user from reusing previous passwords.

Default values
The default value in the Default and Basic password security IT policies is 0. The BlackBerry device does not check for reused passwords. The default value in all other preconfigured IT policies is 6.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 1.2, 2.0, 2.1, or 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Periodic Challenge Time IT policy rule


Description
This rule specifies the security timeout interval (in minutes) after which a BlackBerry device locks and prompts a user to type a password, regardless of whether the BlackBerry device was active during that interval.

Default value
By default, if you change the Enable Long-Term Timeout IT policy rule to Yes, the security timeout interval is turned on and set to 60 minutes.

Usage
Type a periodic challenge time to shorten or extend the security timeout interval to a value that is within the range of 1 to 1440 minutes.

Dependencies
A BlackBerry device uses this rule only if a password is configured on the BlackBerry device. To require that a user configure a password, configure the Password Required IT policy rule to Yes. You can also change the User Can Change Timeout IT policy rule to No so that a user cannot change the timeout settings on a BlackBerry device.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 4.0
- BlackBerry Enterprise Server version 4.0

Set Maximum Password Attempts IT policy rule


Description
This rule specifies the number of password attempts that a user can make before a BlackBerry device permanently deletes all of the application data. The permitted range is 3 through 10 attempts.

Default value
The default setting is 10 password attempts.

Usage
The maximum number of password attempts is 10. Use this rule to lower the number of password attempts.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 1.2, 2.0, 2.1, or 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 4.0

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software versions 4.0 and later.

Set Password Timeout IT policy rule


Description
This rule specifies the number of minutes of inactivity before the security timeout occurs and a BlackBerry device user must type the password to unlock the BlackBerry device.

Default value
For BlackBerry Device Software versions earlier than version 4.7, the default value is 2 minutes. For BlackBerry Device Software version 4.7 and later, the default value is 30 minutes.

Usage
Use this rule to change the default security timeout interval.

Dependencies
A BlackBerry device uses this rule only if you change the Password Required IT policy rule to Yes. If you do not change the User Can Change Timeout IT policy rule to No, the user can change the security timeout to any value.

By default, the maximum security timeout interval is 60 minutes.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 1.2, 2.0, 2.1, or 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Suppress Password Echo IT policy rule


Description
This rule specifies whether, after a given number of incorrect password attempts, the characters that a user types in the Password dialog box appear on the screen.

Default value
The default value is Yes.

Dependencies
The BlackBerry device uses this rule only if a password is configured on the BlackBerry device. To require a password, configure the Password Required rule to Yes. To specify the number of incorrect password attempts that the BlackBerry device permits before the typed characters appear on the screen, configure the Set Maximum Password Attempts rule. By default, if you configure the FIPS Level IT policy rule to 2, the characters that a user types do not appear on the screen.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 1.2, 2.0, 2.1, or 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
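
An added example (not part of the BlackBerry Enterprise Server tooling): a small linter that checks a proposed set of rule values against the permitted ranges and dependencies stated in the rule descriptions above. The dictionary format, the lint function and the sample values are hypothetical; treating an unset Password Required or Force Memory Clean When Idle rule as "not Yes" is an assumption.

```python
# Permitted ranges as stated in the rule descriptions (inclusive).
RANGES = {
    "Enterprise Location Tracking Interval": (15, 60),
    "Queue Limit for Inbound Application Messages": (0, 1000),
    "Queue Limit for Outbound Application Messages": (0, 1000),
    "Memory Cleaner Maximum Idle Time": (1, 60),
    "Periodic Challenge Time": (1, 1440),
    "Set Maximum Password Attempts": (3, 10),
}

# Rules in the Password policy group are used only if Password Required is Yes.
PASSWORD_GROUP = (
    "Duress Notification Address",
    "Forbidden Passwords",
    "Maximum Password History",
    "Periodic Challenge Time",
    "Set Maximum Password Attempts",
    "Set Password Timeout",
    "Suppress Password Echo",
)

# rule -> (prerequisite rule, value the prerequisite must have)
DEPENDS = {"Memory Cleaner Maximum Idle Time": ("Force Memory Clean When Idle", "Yes")}
DEPENDS.update({rule: ("Password Required", "Yes") for rule in PASSWORD_GROUP})


def lint(policy):
    """Return (severity, rule, message) tuples for a dict of rule name -> value."""
    findings = []
    for rule, value in policy.items():
        if rule in RANGES:
            low, high = RANGES[rule]
            is_int = isinstance(value, int) and not isinstance(value, bool)
            if not is_int or not low <= value <= high:
                findings.append(
                    ("error", rule, f"value {value!r} outside permitted range {low}-{high}")
                )
        if rule in DEPENDS:
            prereq, needed = DEPENDS[rule]
            if policy.get(prereq) != needed:
                findings.append(
                    ("warning", rule, f"not used by the device unless {prereq} is {needed}")
                )
    if "Set Password Timeout" in policy and policy.get("User Can Change Timeout") != "No":
        findings.append(
            ("warning", "Set Password Timeout",
             "user can change the security timeout unless User Can Change Timeout is No")
        )
    if policy.get("Duress Notification Address"):
        findings.append(
            ("info", "Duress Notification Address",
             "maximum number of password attempts is reduced by half")
        )
    if policy.get("Maximum Password History") == 0:
        findings.append(
            ("info", "Maximum Password History", "device does not check for reused passwords")
        )
    return findings


# Constructed sample policy with several deliberate problems.
SAMPLE_POLICY = {
    "Password Required": "No",
    "Set Maximum Password Attempts": 12,
    "Periodic Challenge Time": 90,
    "Set Password Timeout": 5,
    "Duress Notification Address": "soc@example.com",
    "Force Memory Clean When Idle": "Yes",
    "Memory Cleaner Maximum Idle Time": 15,
    "Enterprise Location Tracking Interval": 10,
}

if __name__ == "__main__":
    for severity, rule, message in lint(SAMPLE_POLICY):
        print(f"{severity:7} {rule}: {message}")
```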

PIM Synchronization policy group


Disable Address Wireless Synchronization IT policy rule
Description
This rule specifies whether wireless data synchronization for the address book on a BlackBerry device is turned off.

Default value
The default value is No.

Minimum requirements
- C++ based BlackBerry device that is running BlackBerry Device Software version 2.7
- Java based BlackBerry device that is running BlackBerry Device Software version 4.0
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0 (internal)
- BlackBerry Enterprise Server version 4.0

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices.

Disable All Wireless Synchronization IT policy rule


Description
This rule specifies whether wireless data synchronization is turned off.

Default value
The default value is No.

Usage
Change this rule to Yes to turn off all wireless data synchronization, except wireless email reconciliation. Changing the rule prevents the following actions:
- wireless synchronization of contact entries, calendar entries, email message filters, tasks, and memos
- wireless synchronization of all logging information
- wireless backup of data, including device configuration data
- wireless bulk loads
- activation of BlackBerry devices over the wireless network

When you change this rule, wireless synchronization of all logging on the BlackBerry device, including phone call logs, PIN message logs, and SMS message logs, is turned off, and log information is not available for compliance purposes.

The BlackBerry device does not report its IT policy time, model name, BlackBerry Device Software version, phone number, or SIM information to the BlackBerry Enterprise Server, although you can verify this information on the BlackBerry device. If you apply this rule, the user account name no longer appears in the SyncDeviceMgmtSummary table in the BlackBerry Configuration Database.

Minimum requirements
- C++ based BlackBerry device that is running BlackBerry Device Software version 2.7
- Java based BlackBerry device that is running BlackBerry Device Software version 4.0
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0 (internal)
- BlackBerry Enterprise Server version 4.0

Disable BlackBerry Messenger Wireless Synchronization IT policy rule


Description
This rule specifies whether wireless synchronization of the message database for the BlackBerry Messenger is turned off.

Default value
The default value is Yes. The message database for the BlackBerry Messenger does not synchronize wirelessly.

Usage
When you change this rule, the BlackBerry Messenger logs all message text in unencrypted format in the log file that you specify. You must verify that the target log file is in a location that your organization's security policies restrict internal and external user access to.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.5
- BlackBerry Enterprise Server version 5.0 SP1

Disable Calendar Wireless Synchronization IT policy rule


Description
This rule specifies whether wireless data synchronization for the calendar is turned off.

Default value
The default value is No.

Minimum requirements
- C++ based BlackBerry device that is running BlackBerry Device Software version 2.7
- Java based BlackBerry device that is running BlackBerry Device Software version 4.0
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0 (internal)
- BlackBerry Enterprise Server version 4.0

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices.

Disable Enterprise Activation Progress IT policy rule


Description
This rule specifies whether the Home screen displays enterprise activation progress.

Default value
The default value is Yes. Activation progress does not appear on the Home screen.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.2
- BlackBerry Enterprise Server version 4.0 SP6

Disable Memopad Wireless Sync IT policy rule


Description
This rule specifies whether wireless data synchronization for memos is turned off.

Default value
The default value is No.

Minimum requirements
- C++ based BlackBerry device that is running BlackBerry Device Software version 2.7
- Java based BlackBerry device that is running BlackBerry Device Software version 4.0
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0 (internal)
- BlackBerry Enterprise Server version 4.0

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices.

Disable Phone Call Log Wireless Synchronization IT policy rule


Description
This rule specifies whether wireless data synchronization for call logs is turned off.

Default value
The default value is No.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.1
- BlackBerry Enterprise Server version 4.0 SP6

Disable PIN Messages Wireless Synchronization IT policy rule


Description
This rule specifies whether wireless data synchronization for PIN messages is turned off.

Default value
The default value is Yes.

Usage
If you change this rule to No, the BlackBerry Enterprise Server logs all PIN messages in unencrypted format to the log file that you specify. Make sure that the log file is in a location that restricts internal and external user access.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.1
- BlackBerry Enterprise Server version 4.0 SP6

Disable SMS Messages Wireless Sync IT policy rule


Description
This rule specifies whether wireless data synchronization for SMS text messages is turned off.

Default value
The default value is Yes.

Usage
If you change this rule to No, the BlackBerry Enterprise Server logs all SMS text messages in unencrypted format to the log file that you specify. Make sure that the log file is in a location that restricts internal and external user access.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.1
- BlackBerry Enterprise Server version 4.0 SP6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Disable Task Wireless Sync IT policy rule


Description
This rule specifies whether wireless data synchronization for tasks is turned off.

Default value
The default value is No.

Minimum requirements
- C++ based BlackBerry device that is running BlackBerry Device Software version 2.7
- Java based BlackBerry device that is running BlackBerry Device Software version 4.0
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0 (internal)
- BlackBerry Enterprise Server version 4.0

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this IT policy rule only for Java based BlackBerry devices.

Disable Wireless Bulk Loads IT policy rule


Description
This rule specifies whether wireless data synchronization, during activation or as part of a backup and restore operation, is turned off.

Default value
The default value is No.

Usage
Change this rule to Yes to minimize wireless data transfers when activating or updating a BlackBerry device. A BlackBerry device must be physically connected to a computer before the data transfer starts.

If a BlackBerry device is disconnected from the computer during the initial data transfer, the BlackBerry Desktop Software sends the remaining data over the wireless network.

Minimum requirements
- C++ based BlackBerry device that is running BlackBerry Device Software version 2.7
- Java based BlackBerry device that is running BlackBerry Device Software version 4.0
- BlackBerry Connect version 4.0 (internal)
- BlackBerry Enterprise Server version 4.0

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.

PGP Application policy group


The IT policy rules in the PGP Application policy group apply to BlackBerry devices running the PGP Support Package for BlackBerry smartphones. For more information about using the PGP Support Package for BlackBerry smartphones, see the PGP Support Package for BlackBerry Devices Security Technical Overview.

PGP Allowed Content Ciphers IT policy rule


Description
This rule specifies the encryption algorithms that a BlackBerry device can use to encrypt PGP protected messages.

Default value
The default value is to use all supported algorithms.

Usage
Specify the content ciphers that a BlackBerry device can use to encrypt PGP messages from the following list:
- AES (256-bit)
- AES (192-bit)
- AES (128-bit)
- CAST (128-bit)
- Triple DES

To maintain compatibility with most PGP clients, use Triple DES encryption and CAST. By default, a BlackBerry device is designed to encrypt email messages using Triple DES encryption if it does not know the decryption capabilities available to a recipient.

Dependencies
If you configure the FIPS Level IT policy rule to 2, a BlackBerry device uses AES (256-bit), AES (192-bit), AES (128-bit), and Triple DES encryption.

Minimum requirements
- Java based BlackBerry device
- PGP Support Package for BlackBerry smartphones version 4.1
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.1
- BlackBerry Enterprise Server version 4.0 SP2

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

PGP Allowed Encrypted Attachment Mode


Description
This rule specifies the mode for retrieving PGP protected attachment information on a BlackBerry device.

Default value
The default value is Automatic. A BlackBerry device requests decrypted attachment information from the BlackBerry Enterprise Server automatically when users open PGP protected messages that contain attachments.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.5
- BlackBerry Enterprise Server version 4.1 SP5

PGP Allowed Encryption Types IT policy rule


Description
This rule specifies the types of encryption that a BlackBerry device can use with PGP protected messaging.

Default value
The default value is Both. The BlackBerry device uses PGP based encryption and conventional encryption.

Minimum requirements
- Java based BlackBerry device
- PGP Support Package for BlackBerry smartphones version 4.0
- BlackBerry Device Software version 4.6
- BlackBerry Enterprise Server version 4.1 SP6

PGP Blind Copy Address IT policy rule


Description
This rule specifies an email address that is added as a BCC recipient to all encrypted PGP messages that a BlackBerry device sends.

Default value
The default value is a null value.

Minimum requirements
- Java based BlackBerry device
- PGP Support Package for BlackBerry smartphones version 4.1
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.1
- BlackBerry Enterprise Server version 4.0 SP2

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

PGP Force Digital Signature IT policy rule


Description
This rule specifies whether a BlackBerry device digitally signs all PGP protected messages that it sends.

Default value
The default value is No.

Usage
If you apply this rule, you might override secure email policy settings on the PGP Universal Server.

Minimum requirements
- Java based BlackBerry device
- PGP Support Package for BlackBerry smartphones version 4.1
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.1
- BlackBerry Enterprise Server version 4.0 SP2

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

PGP Force Encrypted Messages IT policy rule


Description
This rule specifies whether a BlackBerry device encrypts all PGP protected messages that it sends.

Default value
The default value is No.

Usage
If you apply this rule, you might override secure email policy settings on the PGP Universal Server.

Minimum requirements
Java based BlackBerry device
PGP Support Package for BlackBerry smartphones version 4.1
BlackBerry Application Suite version 1.0
BlackBerry Device Software version 4.1
BlackBerry Enterprise Server version 4.0 SP2

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

PGP Minimum Strong DH Key Length IT policy rule


Description
This rule specifies the minimum Diffie-Hellman key size (in bits) to use with PGP protected messages. The permitted range is 512 through 4096 bits.

Default value
The default value is 1024 bits.

Dependencies
Configure the Disable Weak Certificate Use IT policy rule to Yes to prevent a user from sending email messages using certificates that have corresponding weak public keys.

Minimum requirements
Java based BlackBerry device
PGP Support Package for BlackBerry smartphones version 4.1
BlackBerry Application Suite version 1.0
BlackBerry Device Software version 4.1
BlackBerry Enterprise Server version 4.0 SP2

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

PGP Minimum Strong DSA Key Length IT policy rule


Description
This rule specifies the minimum DSA key size (in bits) to use with PGP protected messages. The permitted range is 512 through 1024 bits.

Default value
The default value is 1024 bits.

Dependencies
Configure the Disable Weak Certificate Use IT policy rule to Yes to prevent a user from sending email messages using certificates that have corresponding weak public keys.

Minimum requirements
Java based BlackBerry device
PGP Support Package for BlackBerry smartphones version 4.1
BlackBerry Application Suite version 1.0
BlackBerry Device Software version 4.1
BlackBerry Enterprise Server version 4.0 SP2

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

PGP Minimum Strong RSA Key Length IT policy rule


Description
This rule specifies the minimum RSA key size (in bits) to use with PGP protected messages. The permitted range is 512 through 4096 bits.

Default value
The default value is 1024 bits.

Dependencies
Configure the Disable Weak Certificate Use IT policy rule to Yes to prevent users from sending email messages using certificates that have corresponding weak public keys.

Minimum requirements
Java based BlackBerry device
PGP Support Package for BlackBerry smartphones version 4.1
BlackBerry Application Suite version 1.0
BlackBerry Device Software version 4.1
BlackBerry Enterprise Server version 4.0 SP2

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

PGP More All and Send Mode IT policy rule


Description
This rule specifies the mode that a BlackBerry device uses to retrieve the complete text of an email message when a user replies to or forwards that email message.

Default value
The default value is Manual. A BlackBerry device user must request the complete text of the email message when the user replies to or forwards that email message.

Usage
Change this rule to Automatic to retrieve the complete text of the email message automatically.

Minimum requirements
Java based BlackBerry device
BlackBerry Device Software version 5.1
BlackBerry Enterprise Server version 5.0 SP1

PGP Universal Enrollment Method IT policy rule


Description
This rule specifies the method that users must use to enroll with the PGP Universal Server from a BlackBerry device.

Default value
The default value is Email-based enrolment. Users are prompted to type their email address.

Usage
Change this rule to Domain username/password enrolment to prompt users to type their user name and password. Users must submit their enrollment information before sending and receiving PGP protected messages on a BlackBerry device.

Minimum requirements
Java based BlackBerry device
PGP Support Package for BlackBerry smartphones version 4.1
BlackBerry Application Suite version 1.0
BlackBerry Device Software version 4.1
BlackBerry Enterprise Server version 4.0 SP2

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

PGP Universal Policy Cache Timeout IT policy rule


Description
This rule specifies the length of time (in hours) that a BlackBerry device caches the PGP Universal Server address. The permitted range is 4 through 48 hours.

Default value
The default value is 24 hours.

Minimum requirements
Java based BlackBerry device
PGP Support Package for BlackBerry smartphones version 4.1
BlackBerry Application Suite version 1.0
BlackBerry Device Software version 4.1
BlackBerry Enterprise Server version 4.0 SP2

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

PGP Universal Server Address IT policy rule


Description
This rule specifies the address of your organization's PGP Universal Server. The PGP Universal Server applies secure email policies that the PGP Universal Server administrator configures.

Default value
The default value is a null value.

Usage
Configure this rule to require the user to register with the PGP Universal Server. When registered, a BlackBerry device with the PGP Support Package for BlackBerry smartphones enforces compliance with the secure email policies for all email messages.

Dependencies
If you configure this rule, a user must install the PGP Support Package for BlackBerry smartphones on the BlackBerry device.

Minimum requirements
Java based BlackBerry device
PGP Support Package for BlackBerry smartphones version 4.1
BlackBerry Application Suite version 1.0
BlackBerry Device Software version 4.1
BlackBerry Enterprise Server version 4.0 SP2

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

RIM Value-Added Applications policy group


Allow Edits to BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule
Description
This rule specifies whether a user can change the URL for the BlackBerry Social Networking Application Proxy for IBM Lotus Quickr on a BlackBerry device.

Default value
The default value is Yes. A BlackBerry device user can change the URL that you specify in the BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule.

Usage
If you change this rule to No, a user cannot change the URL that you specify in the BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule.

Dependencies
This rule is related to the BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule.

Minimum requirements
Java based BlackBerry device
BlackBerry Enterprise Server version 4.1 SP7

Allow TiVo for BlackBerry application IT policy rule


Description
This rule specifies whether the TiVo for BlackBerry application on the BlackBerry device is turned on.

Default value
The default value is Yes. The TiVo for BlackBerry application is turned on.

Minimum requirements
Java based BlackBerry device
BlackBerry Device Software version 4.2
BlackBerry Enterprise Server version 4.1 SP7

BlackBerry Social Network Application Proxy URL for Lotus Connections IT policy rule
Description
This rule specifies the URL of the server that hosts the BlackBerry Social Networking Application Proxy that the BlackBerry Client for IBM Lotus Connections uses (for example, https://<server_name>:<port>/lcs-230/services/).

Default value
The default value is a null value.

Usage
If you configure this rule, you can use the Allow Edits to BlackBerry Social Network Application Proxy URL for Lotus Connections IT policy rule to control whether the user can change the URL of the host server. If you do not configure this rule, a user can access the host server by typing the URL on the BlackBerry device.

Dependencies
This rule is related to the Allow Edits to BlackBerry Social Network Application Proxy URL for Lotus Connections IT policy rule.

Minimum requirements
Java based BlackBerry device
BlackBerry Enterprise Server version 5.0 SP1

BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule
Description
This rule specifies the URL of the server that hosts the BlackBerry Social Networking Application Proxy that the BlackBerry Client for IBM Lotus Quickr uses (for example, https://<server_name>:<port>/qkr-100/services/).

Default value
The default value is a null value.

Usage
If you configure this rule, you can use the Allow Edits to BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule to control whether the user can change the URL of the host server. If you do not configure this rule, a user can access the host server by typing the URL on the BlackBerry device.

Dependencies
This rule is related to the Allow Edits to BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule.

Minimum requirements
Java based BlackBerry device
BlackBerry Enterprise Server version 4.1 SP7

Disable BlackBerry Wallet IT policy rule


Description
This rule specifies whether to prevent BlackBerry Wallet from running on a BlackBerry device.

Default value
The default value is No.

Minimum requirements
BlackBerry Enterprise Server version 4.1 SP6

Disable Ecommerce Content Optimization Engine IT policy rule


Description
This rule specifies whether to prevent the ecommerce content optimization engine for the BlackBerry Browser from running on a BlackBerry device.

Default value
The default value is No.

Minimum requirements
BlackBerry Enterprise Server version 4.1 SP6

Disable Lotus Connections IT policy rule


Description
This rule specifies whether to prevent IBM Lotus Connections from running on a BlackBerry device.

Default value
The default value is No.

Minimum requirements
BlackBerry Enterprise Server version 4.1 SP6

Disable Organizer Data Access for Social Networking Applications


Description
This rule specifies whether a BlackBerry device must prevent social networking applications from accessing organizer data.

Default value
The default value is Yes. Social networking applications, such as Facebook, do not have read or write access to the address book, calendar, and other organizer data.

Minimum requirements
Java based BlackBerry device
BlackBerry Device Software version 4.2.0
BlackBerry Enterprise Server version 5.0

Disable RIM Value-Added Applications IT policy rule


Description
This rule specifies whether to prevent value-added applications that Research In Motion developed from running on a BlackBerry device.

Default value
The default value is No.

Minimum requirements
BlackBerry Enterprise Server version 4.1 SP6

Exceptions
This rule does not apply to some applications such as the following: Yahoo! Messenger for BlackBerry devices, Windows Live Messenger for BlackBerry devices, AOL Instant Messenger service (AIM service) for BlackBerry devices, ICQ for BlackBerry devices, Google Talk for BlackBerry devices, BlackBerry Client for Microsoft Office Communicator, BlackBerry Client for IBM Lotus Sametime, BlackBerry Client for Novell GroupWise Messenger, BlackBerry Messenger, BlackBerry Maps, some public photo-sharing applications (for example, Flickr and Picasa), Facebook, the BlackBerry MDS Runtime Application, or device diagnostic applications. For more information about the applications, see the application-specific IT policy rules.

Enable the "Tell A Friend" Feature in BlackBerry Client for Lotus Quickr IT policy rule
Description
This rule specifies whether the Tell a Friend feature is turned on in the BlackBerry Client for IBM Lotus Quickr.

Default value
The default value is Yes. The Tell a Friend feature is turned on.

Usage
If you change this rule to No, a user cannot send an email invitation with a link that the recipient can use to download the BlackBerry Client for IBM Lotus Quickr.

Minimum requirements
Java based BlackBerry device
BlackBerry Enterprise Server version 4.1 SP7

Lotus Connections Activities Server IT policy rule


Description
This rule specifies the address of the server that hosts the IBM Lotus Connections Activities component.

Default value
The default value is a null value.

Usage
If you configure this rule, users can use the specified server address only. If you do not configure this rule, users must specify the server address manually.

Minimum requirements
BlackBerry Enterprise Server version 4.1 SP6

Lotus Connections Blogs Server IT policy rule


Description
This rule specifies the address of the server that hosts the IBM Lotus Connections Blogs component.

Default value
The default value is a null value.

Usage
If you configure this rule, users can use the specified server address only. If you do not configure this rule, users must specify the server address manually.

Minimum requirements
BlackBerry Enterprise Server version 4.1 SP6

Lotus Connections Communities Server IT policy rule


Description
This rule specifies the address of the server that hosts the IBM Lotus Connections Communities component.

Default value
The default value is a null value.

Usage
If you configure this rule, users can use the specified server address only. If you do not configure this rule, users must specify the server address manually.

Minimum requirements
BlackBerry Enterprise Server version 4.1 SP6

Lotus Connections Dogear Server IT policy rule


Description
This rule specifies the address of the server that hosts the IBM Lotus Connections Dogear component.

Default value
The default value is a null value.

Usage
If you configure this rule, users can use the specified server address only. If you do not configure this rule, users must specify the server address manually.

Minimum requirements
BlackBerry Enterprise Server version 4.1 SP6

Lotus Connections Profiles Server IT policy rule


Description
This rule specifies the address of the server that hosts the IBM Lotus Connections Profiles component.

Default value
The default value is a null value.

Usage
If you configure this rule, users can use the specified server address only. If you do not configure this rule, users must specify the server address manually.

Minimum requirements
BlackBerry Enterprise Server version 4.1 SP6

Secure Email policy group


The IT policy rules in the Secure Email policy group apply to BlackBerry devices that are running the S/MIME Support Package for BlackBerry smartphones. For more information about using the S/MIME Support Package for BlackBerry smartphones, see the S/MIME Support Package for BlackBerry Devices Security Technical Overview.

Canonical Certificate Domain Name IT policy rule


Description
This rule specifies the domain name that is used for the email addresses that are contained in certificates that are issued within your organization.

Default value
The default value is a null value.

Usage
Specify the domain name that is used for the email addresses contained in certificates that are issued within the organization. This rule is intended for use in organizations where users' certificates contain a long-lived email address, but users typically send email messages from a shorter-lived email address with the same username component and a different domain component. Use a comma (,) to separate multiple domain names.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Device Software version 4.2
BlackBerry Enterprise Server version 4.0 SP6

Disable Certificate Address Checks IT policy rule


Description
This rule specifies whether a warning appears if a BlackBerry device user receives a signed email message and the sender's email address does not appear in the certificate or the PGP key that was used to sign the email message.

Default value
The default value is No.

Usage
Consider changing this rule to Yes if your organization's certificates contain email addresses that are different from those that users typically use to send email messages.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Device Software version 4.2
BlackBerry Enterprise Server version 4.0 SP6

Security policy group


Allow External Connections IT policy rule
Description
This rule specifies whether applications, including third-party applications, can initiate external connections (for example, to WAP gateways).

Default value
The default value is Yes.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0 (internal)
BlackBerry Device Software version 3.6
BlackBerry Enterprise Server for IBM Lotus Domino and BlackBerry Enterprise Server for Novell GroupWise version 4.0
BlackBerry Enterprise Server for Microsoft Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Allow Internal Connections IT policy rule


Description
This rule specifies whether applications, including third-party applications, can initiate internal connections (for example, to the BlackBerry MDS Connection Service).

Default value
The default value is Yes.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0 (internal)
BlackBerry Device Software version 3.6
BlackBerry Enterprise Server for IBM Lotus Domino and BlackBerry Enterprise Server for Novell GroupWise version 4.0
BlackBerry Enterprise Server for Microsoft Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Allow Outgoing Call When Locked IT policy rule


Description
This rule specifies whether users can place calls while a BlackBerry device is locked.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0 (internal)
BlackBerry Device Software version 3.6
BlackBerry Enterprise Server for IBM Lotus Domino version 4.0
BlackBerry Enterprise Server for Microsoft Exchange version 3.6

Allow Resetting of Idle Timer IT policy rule


Description
This rule specifies whether a BlackBerry device permits third-party applications to reset the inactivity timeout value on a BlackBerry device, bypassing the security timeout value.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device
BlackBerry Device Software version 4.2.1
BlackBerry Enterprise Server version 4.1 SP4

Allow Screen Shot Capture IT policy rule


Description
This rule specifies whether a BlackBerry device permits applications, including third-party applications, to take screen shots.

Default value
The default value is Yes.

Minimum requirements
Java based BlackBerry device
BlackBerry Device Software version 4.2.2
BlackBerry Enterprise Server version 4.1 SP4

Allow Smart Card Password Caching IT policy rule


Description
This rule specifies whether a BlackBerry device can cache the smart card password.

Default value
The default value is No.

Usage
Change this rule to Yes to cache the smart card password for the period of time that the private key timeout sets. The memory cleaner application deletes the password when the timeout expires.

Dependencies
If you configure this rule, you should also configure the Key Store Password Maximum Timeout IT policy rule.

Minimum requirements
Java based BlackBerry device
BlackBerry Connect version 4.0
BlackBerry Device Software version 4.0
BlackBerry Enterprise Server version 4.0

Allow Split-Pipe Connections IT policy rule


Description
This rule specifies whether applications, including third-party applications, can open internal and external connections on a BlackBerry device simultaneously.

Default value
The default value is No.

Usage
Opening internal and external connections simultaneously might present a security issue because applications can collect data from inside the firewall and send it outside the firewall without any auditing.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0 (internal)
BlackBerry Device Software version 3.6
BlackBerry Enterprise Server for IBM Lotus Domino and BlackBerry Enterprise Server for Novell GroupWise version 4.0
BlackBerry Enterprise Server for Microsoft Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Allow Third Party Apps to Use Persistent Store IT policy rule


Description
This rule specifies whether third-party applications can use the persistent store API on a BlackBerry device.

Default value
The default value is Yes.

Usage
This rule is obsolete in BlackBerry Enterprise Server version 3.6 SP2. In later versions of the BlackBerry Enterprise Server, use the Is access to the interprocess communication API allowed application control policy rule to specify whether applications can access the persistent store API.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Device Software version 3.6
BlackBerry Enterprise Server for Microsoft Exchange version 3.6

Allow Third Party Apps to Use Serial Port IT policy rule


Description
This rule specifies whether third-party applications can use the serial port, IrDA port, or USB port on a BlackBerry device.

Default value
The default value is Yes.

Minimum requirements
Java based BlackBerry device
BlackBerry Connect version 4.0
BlackBerry Device Software version 3.6
BlackBerry Enterprise Server for IBM Lotus Domino and BlackBerry Enterprise Server for Novell GroupWise version 4.0
BlackBerry Enterprise Server for Microsoft Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Allowed Authentication Mechanisms IT policy rule


Description
This rule specifies the types of authentication mechanisms that a BlackBerry device user can turn on. Authentication mechanisms control access to a BlackBerry device.

Default value
The default value is Allowed. Any authentication mechanism permits a user access to a BlackBerry device.

Usage
To permit a user to turn on a specific authentication mechanism, configure this rule to one of the following mechanisms:
Smartcard
Fingerprint
Smartcard and Fingerprint
Proximity
Other
You can control other authentication mechanisms using the User Authenticator API application control policy rule.

Dependencies
This rule takes priority over the Force Smart Card Two Factor Authentication IT policy rule. For example, if you configure this rule to prevent smart card authentication but the Force Smart Card Two Factor Authentication IT policy rule is configured to Yes, smart card authentication is not forced.

Minimum requirements
Java based BlackBerry device
BlackBerry Device Software version 5.0
BlackBerry Enterprise Server version 5.0

Certificate Status Maximum Expiry Time IT policy rule


Description
This rule specifies the maximum length of time (in hours) that a certificate status can remain on a BlackBerry device before it should be updated in the key store on the BlackBerry device and in the certificate synchronization tool of the BlackBerry Desktop Manager. The permitted range is 1 through 4380 hours.

Default value
The default value is a null value. The certificate status can remain on the BlackBerry device indefinitely.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0
BlackBerry Device Software version 4.0
BlackBerry Enterprise Server version 4.0

Content Protection of Contact List IT policy rule


Description
This rule specifies whether a user can choose to encrypt the contact list on a BlackBerry device when content protection is turned on. The previous name of this rule was Force Include Address Book In Content Protection.

Default value
The default value is Allowed. A user can choose to either exclude the contact list from content protection or include it in content protection.

Usage
For BlackBerry devices that are running BlackBerry Device Software version 5.0 and later, change this rule to Disallowed to turn off the option. The contact list is not content-protected, and the user cannot change this setting on the BlackBerry device.

BlackBerry devices that are running BlackBerry Device Software versions that are earlier than version 5.0 process the Disallowed setting in the same way that they process the Required setting.

If the contact list is content-protected, when the BlackBerry device is locked, the BlackBerry device does not permit call display and does not share contacts over a Bluetooth connection.

If the contact list is not content-protected, when the BlackBerry device is locked, the BlackBerry device permits call display and can share contacts over a Bluetooth connection.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Device Software version 4.2
BlackBerry Enterprise Server version 4.0 SP6

Content Protection Strength IT policy rule


Description
This rule specifies the cryptography strength that a BlackBerry device uses to encrypt content that it receives while it is locked. When you specify a value, the content protection feature is turned on.

Default values
The default value in the Advanced security and Advanced Security with No 3rd Party Applications IT policies is Strong. The default value in all other preconfigured IT policies is a null value.

Usage
Configure this rule to Strong to use a 160-bit ECC public key. This key provides good security and good performance and is adequate for most situations.
Configure this rule to Stronger to use a 283-bit ECC public key. This key provides better security but slower performance than the Strong setting.
Configure this rule to Strongest to use a 571-bit ECC public key. This key provides the highest level of security but the slowest performance of the three settings.

For BlackBerry devices that are running BlackBerry Device Software version 5.0 and later, if onboard device memory exists on the BlackBerry device when you configure this rule, the rule also encrypts the onboard device memory (embedded M.C.) to the user password and a device-generated key. To encrypt the media files in the onboard device memory, configure the Force Encryption on Internal File System Media Files IT policy rule, or instruct the BlackBerry device user to configure file encryption.

For BlackBerry devices that are running BlackBerry Device Software versions that are earlier than version 5.0, you can configure the External File System Encryption Level IT policy rule. The External File System Encryption Level IT policy rule also encrypts the media card.

Dependencies
A BlackBerry device uses this rule only if you configure the Password Required IT policy rule to Yes. If you configure this rule to Strong or Stronger, configure the Minimum Password Length IT policy rule to 12 characters. If you configure the content protection strength to Strongest, instruct the user to create a password of at least 21 characters. These password lengths maximize the encryption strength that the longer ECC keys are designed to provide.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0
BlackBerry Device Software version 4.0
BlackBerry Enterprise Server version 4.0
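
The permitted ranges and dependencies stated in the rule descriptions above (PGP key lengths, cache and certificate status timeouts, Content Protection Strength, smart card password caching, split-pipe connections) can be checked before a policy is assigned. The following Python lint is an added example, not part of this guide or of any BlackBerry tool; the dict-of-values policy representation, the name lint_policy and the sample policy are assumptions constructed for illustration.

```python
# Added example: lint a proposed IT policy against constraints stated in this guide.
# The {rule name: value} dict is an assumed representation, not a BlackBerry
# Enterprise Server export format. None or a missing key means "null value".

# Permitted ranges, copied from the rule descriptions in this guide.
RANGES = {
    "PGP Minimum Strong DH Key Length": (512, 4096),
    "PGP Minimum Strong DSA Key Length": (512, 1024),
    "PGP Minimum Strong RSA Key Length": (512, 4096),
    "PGP Universal Policy Cache Timeout": (4, 48),
    "Certificate Status Maximum Expiry Time": (1, 4380),
}
KEY_LENGTH_RULES = [rule for rule in RANGES if rule.endswith("Key Length")]
CONTENT_PROTECTION_VALUES = ("Strong", "Stronger", "Strongest")


def lint_policy(policy):
    """Return a list of (rule, finding) tuples for a dict of rule name -> value."""
    findings = []

    # 1. Numeric values must fall inside the permitted range.
    for rule, (low, high) in RANGES.items():
        value = policy.get(rule)
        if value is None:
            continue
        if isinstance(value, bool) or not isinstance(value, int):
            findings.append((rule, f"value {value!r} is not a whole number"))
        elif not low <= value <= high:
            findings.append(
                (rule, f"value {value} is outside the permitted range {low} through {high}"))

    # 2. Key length rules depend on Disable Weak Certificate Use being Yes.
    if policy.get("Disable Weak Certificate Use") != "Yes":
        for rule in KEY_LENGTH_RULES:
            if policy.get(rule) is not None:
                findings.append(
                    (rule, "Disable Weak Certificate Use is not Yes, so users are not "
                           "prevented from sending with weak public keys"))

    # 3. Content Protection Strength dependencies.
    rule = "Content Protection Strength"
    strength = policy.get(rule)
    if strength is not None:
        if strength not in CONTENT_PROTECTION_VALUES:
            findings.append((rule, f"unknown value {strength!r}"))
        else:
            if policy.get("Password Required") != "Yes":
                findings.append((rule, "not used by the device unless Password Required is Yes"))
            if strength in ("Strong", "Stronger"):
                min_len = policy.get("Minimum Password Length")
                if not isinstance(min_len, int) or min_len < 12:
                    findings.append(
                        (rule, f"{strength} calls for Minimum Password Length of 12 "
                               f"characters, found {min_len!r}"))
            else:
                # The guide asks for a user instruction here, not a rule value,
                # so the lint can only raise a reminder.
                findings.append(
                    (rule, "Strongest: instruct users to create a password of at "
                           "least 21 characters"))

    # 4. Smart card password caching should be bounded by the key store timeout.
    if (policy.get("Allow Smart Card Password Caching") == "Yes"
            and policy.get("Key Store Password Maximum Timeout") is None):
        findings.append(
            ("Allow Smart Card Password Caching",
             "Key Store Password Maximum Timeout is not configured"))

    # 5. Split-pipe connections are flagged with the risk the guide describes.
    if policy.get("Allow Split-Pipe Connections") == "Yes":
        findings.append(
            ("Allow Split-Pipe Connections",
             "applications can collect data inside the firewall and send it "
             "outside without any auditing"))

    return findings


# Constructed sample policy with several deliberate problems.
SAMPLE_POLICY = {
    "PGP Minimum Strong DSA Key Length": 2048,   # above the DSA maximum of 1024
    "PGP Minimum Strong RSA Key Length": 2048,
    "Disable Weak Certificate Use": "No",
    "PGP Universal Policy Cache Timeout": 72,    # above the maximum of 48 hours
    "Content Protection Strength": "Stronger",
    "Password Required": "Yes",
    "Minimum Password Length": 8,
    "Allow Smart Card Password Caching": "Yes",
    "Allow Split-Pipe Connections": "Yes",
}

if __name__ == "__main__":
    for rule_name, finding in lint_policy(SAMPLE_POLICY):
        print(f"{rule_name}: {finding}")
```
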

Desktop Backup IT policy rule


Description
This rule specifies which BlackBerry device databases are backed up by the BlackBerry Desktop Software.

Default value
The default value is All databases.

Usage

By default, the BlackBerry Desktop Software backs up the information in the following databases: Handheld Keys store Certificate Options Trusted Key Store Policy KeyStoreManager Random Pool PGP Key Store

Change this rule to Minimal subset of databases to back up a minimal set of BlackBerry device databases, including databases that some desktop components, such as the certificate synchronization tool of the BlackBerry Desktop Manager, require access to.

Change this rule to No databases to prevent the backup of BlackBerry device databases.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0
BlackBerry Device Software version 4.0
BlackBerry Enterprise Server version 4.0

Disable 3DES Transport Crypto IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device from using the Triple DES algorithm to encrypt and decrypt data sent between a BlackBerry device and the BlackBerry Enterprise Server.

Default value
The default value is No. A BlackBerry device and the BlackBerry Enterprise Server can use the Triple DES algorithm and the AES algorithm to encrypt and decrypt data that they send between each other.

Usage
Change this rule to Yes to make it mandatory that a BlackBerry device and the BlackBerry Enterprise Server use the AES algorithm to encrypt and decrypt data that they send between them.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0 (internal)
BlackBerry Device Software version 4.0
BlackBerry Enterprise Server version 4.0

Disable BlackBerry App World IT policy rule


Description
This rule specifies whether the BlackBerry App World application is turned off on the BlackBerry device.

Default value
The default value is No. On the BlackBerry device, the BlackBerry App World application is turned on.

Minimum requirements
Java based BlackBerry device
BlackBerry Device Software version 4.2
BlackBerry Enterprise Server version 4.1 SP7

Disable Certificate or Key Import From External Memory IT policy rule


Description
This rule specifies whether a BlackBerry device can import certificates and PGP keys, including private keys, from a media card.

Default value
The default value is Yes. A BlackBerry device cannot import certificates and PGP keys from a media card.

Minimum requirements
Java based BlackBerry device
BlackBerry Device Software version 5.1
BlackBerry Enterprise Server version 5.0 SP1

Disable Cut/Copy/Paste IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device user from cutting, copying, and pasting text on a BlackBerry device.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0
BlackBerry Device Software version 4.0
BlackBerry Enterprise Server version 4.0

Disable External Memory IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device user from accessing the media card on a supported BlackBerry device.

Default value
The default value is No.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.2
- BlackBerry Enterprise Server version 4.0 SP6

Disable Forwarding Between Services IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device user from forwarding or replying to a message on a BlackBerry device using an email account or messaging service that is associated with a BlackBerry Enterprise Server or BlackBerry Internet Service that is different from the service that delivered the original message.

Usage
Use this rule to prevent forwarding or replying to a PIN message with an email message, or replying to an email message with a PIN message.

Default value
The default value is No.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 4.0
- BlackBerry Enterprise Server version 4.0

Disable Geo-Tagging of Photos IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device from adding geographical co-ordinates to the metadata of stored pictures.

Default value
The default value is No.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.2
- BlackBerry Enterprise Server version 4.1 SP4

Disable GPS IT policy rule


Description
This rule specifies whether the GPS feature on a BlackBerry device is turned on.

Default value
The default value is No.

Usage
Change this rule to Yes to turn off the GPS feature and prevent applications on a BlackBerry device from accessing it.

Dependencies
If you change this rule to Yes, BlackBerry Maps does not work and applications cannot access the GPS APIs for the BlackBerry device. This rule overrides the Is Access to the GPS API Allowed application control policy rule setting.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.3
- BlackBerry Enterprise Server version 4.1 SP5

Disable Invalid Certificate Use IT policy rule


Description
This rule specifies whether to prevent a user from sending an email message from a BlackBerry device using an expired or invalid certificate.

Default value
The default value is No. A BlackBerry device warns the user that the certificate is expired or invalid, but it does not prevent the user from using the certificate.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server for IBM Lotus Domino and BlackBerry Enterprise Server for Novell GroupWise version 4.0
- BlackBerry Enterprise Server for Microsoft Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Disable IP Modem IT policy rule


Description
This rule specifies whether the IP modem on an applicable BlackBerry device is available.

Default value

The default value is No.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 4.0
- BlackBerry Enterprise Server version 4.0

Disable Key Store Backup IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device user from backing up the certificates and private keys that are stored on a BlackBerry device.

Default value
The default value is No.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.0
- BlackBerry Enterprise Server version 4.0
- BlackBerry Connect version 4.0

Disable Key Store Low Security IT policy rule


Description
This rule (also known as Disable Security Data Low Security IT policy rule) specifies whether to prevent a BlackBerry device user from setting the key store security level to Low.

Default value
The default value is No.

Usage
Change this IT policy rule to Yes to require the next highest level of key store security automatically. For BlackBerry devices that are running BlackBerry Device Software version 3.6, the next highest security level is High. For BlackBerry devices that are running BlackBerry Device Software version 4.0 or later, the next highest security level is Medium.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect Transport Stack version 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server for IBM Lotus Domino and BlackBerry Enterprise Server for Novell GroupWise version 4.0
- BlackBerry Enterprise Server for Microsoft Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Disable Media Manager FTP Access


Description
This rule specifies whether applications can access the file transfer protocol channel from the media manager tool of the BlackBerry Desktop Manager.

Default value
The default value is No.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Connect version 4.0 (internal)
- BlackBerry Device Software version 4.2
- BlackBerry Enterprise Server version 4.0 SP6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

Disable Message Normal Send IT policy rule


Description
This rule specifies whether to require a BlackBerry device user to send encrypted or signed email messages.

Default value
The default value is No.

Usage
If you change this rule to Yes, to send email messages, the user must install the S/MIME Support Package for BlackBerry smartphones or the PGP Support Package for BlackBerry smartphones. You must also turn on S/MIME message processing on the BlackBerry Enterprise Server or, in the PGP Application policy group, configure the PGP Universal Server Address rule.

For BlackBerry devices that are running BlackBerry Device Software version 5.0 and later, this rule applies only to email messages that a user sends through your organization's BlackBerry Enterprise Server. To prevent a user from sending email messages that are not encrypted or signed from a different email message service, such as the BlackBerry Internet Service, in the Service Exclusivity policy group, configure the Allow Other Message Services rule. For BlackBerry devices that are running BlackBerry Device Software versions that are earlier than version 5.0, this rule applies to all email message services.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server for IBM Lotus Domino and BlackBerry Enterprise Server for Novell GroupWise version 4.0
- BlackBerry Enterprise Server for Microsoft Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Disable Peer-to-Peer Normal Send IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device user from sending PIN messages that are not encrypted when using the S/MIME Support Package for BlackBerry smartphones or the PGP Support Package for BlackBerry smartphones.

Default value
The default value is No.

Usage
If you change this rule to Yes, to send PIN messages the user must install the S/MIME Support Package for BlackBerry smartphones or the PGP Support Package for BlackBerry smartphones on a BlackBerry device. You must also turn on S/MIME message processing on the BlackBerry Enterprise Server, or configure the PGP Universal Server Address IT policy rule to permit PGP message processing. To turn off all PIN messaging, configure the Allow Peer-to-Peer Messages IT policy rule to No.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server for IBM Lotus Domino and BlackBerry Enterprise Server for Novell GroupWise version 4.0
- BlackBerry Enterprise Server for Microsoft Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Disable Persisted Plain Text IT policy rule


Description
This rule specifies whether to prevent applications from keeping the plain text form of a content-protected object in the persistent store on a BlackBerry device (for example, the file system).

Default value
The default value is No. The BlackBerry device can keep the plain text form of a content-protected object in the persistent store.

Usage
Configure this rule only if you require that sensitive data does not persist in plain text form on a BlackBerry device. To prevent any application from storing data in plain text form in the persistent store on a BlackBerry device, configure this rule to Yes.

When you configure this rule to Yes, if an application that is installed on a BlackBerry device tries to save data to the persistent store in plain text form, the BlackBerry device performs the following actions:
- logs an exception error message in the log file on the BlackBerry device
- resets the BlackBerry device and displays a Java 576 error
- removes the data that the application tries to save

Attention: If you change this rule to Yes, applications on the BlackBerry device that do not use the content protection framework API to encrypt data might not work.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 4.0
- BlackBerry Enterprise Server version 4.0

Disable Public Photo Sharing Applications IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device user from uploading pictures to the Internet using public photo sharing applications.

Default value

The default value is No.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Enterprise Server version 4.1 SP4
- BlackBerry Application Suite version 1.0

Disable Public Social Networking Applications IT policy rule


Description
This rule specifies whether a user can install public social networking applications on a BlackBerry device to access public social networking services (for example, Facebook).

Default value
The default value is No.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Enterprise Server version 4.1 SP5

Disable Radio When Cradled IT policy rule


Description
This rule specifies whether a BlackBerry device turns off the wireless transceiver when it connects to a USB device.

Default value
The default value is Radio not disabled when USB device is connected. The wireless transceiver remains on.

Usage
Change this rule to Radio disabled when USB device is connected to turn off the wireless transceiver while the BlackBerry device is connected to a USB device. Change this rule to Radio disabled when connected USB device enumerates to turn off the wireless transceiver only when a connected USB device (for example, a computer) sends standard USB requests to communicate with a BlackBerry device.

Dependencies
Only USB enabled BlackBerry devices support this rule.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 4.0
- BlackBerry Enterprise Server version 4.0

Disable Revoked Certificate Use IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device user from sending email messages that are encrypted using revoked certificates.

Default value
The default value is No. A BlackBerry device warns the user that the certificate is revoked, but it does not prevent the user from using the certificate.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server for IBM Lotus Domino and Novell GroupWise version 4.0
- BlackBerry Enterprise Server for Microsoft Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Disable Smart Password Entry IT policy rule


Description
This rule specifies whether to prevent a user from using smart password entry when using two-factor authentication. If a user uses two-factor authentication and a BlackBerry device password or authentication password is numeric, with smart password entry, the BlackBerry device remembers whether the last password typed was numeric. If the password was numeric, the next time that the user types the password, the user does not have to press the Alt key to type the numbers.

Default value
The default value is No. A BlackBerry device stores the user's numeric passwords, and a user can use smart password entry on the BlackBerry device when using two-factor authentication.

Usage
If you change this rule to Yes, a BlackBerry device deletes any knowledge of the user's numeric passwords if the user is currently using smart password entry.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.2
- BlackBerry Enterprise Server version 4.0 SP6

Disable Stale Certificate Status Checks IT policy rule


Description
This rule specifies whether a BlackBerry device displays warnings and indicators if the user receives an email message that includes a certificate with a stale status.

Default value
The default value is No.

Usage
If you change this rule to Yes, a BlackBerry device does not display warnings and indicators about stale certificate status. Consider changing this rule to Yes if your organization uses a PKI that does not update the status of certificates.

Dependencies
If you change this rule to Yes, a BlackBerry device ignores the Certificate Status Maximum Expiry Time IT policy rule and the status of certificates on the BlackBerry device never expires.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.2
- BlackBerry Enterprise Server version 4.0 SP6

Disable Stale Status Use IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device user from sending an email message that is encrypted using a certificate with a stale status.

Default value
The default value is No. A BlackBerry device warns the user that the certificate has a stale status, but it does not prevent the user from using the certificate.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 4.0
- BlackBerry Enterprise Server version 4.0

Disable Untrusted Certificate Use IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device user from sending an email message that is encrypted with a certificate that the BlackBerry device does not trust.

Default value
The default value is No. A BlackBerry device warns the user that the certificate is not trusted, but it does not prevent the user from using the certificate.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server for IBM Lotus Domino and Novell GroupWise version 4.0
- BlackBerry Enterprise Server for Microsoft Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Disable Unverified Certificate Use IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device user from sending an email message that is encrypted with a certificate that the BlackBerry device cannot verify.

Default value
The default value is No. A BlackBerry device warns the user that the certificate could not be verified, but it does not prevent the user from using the certificate.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 4.0
- BlackBerry Enterprise Server version 4.0

Disable Unverified CRLs IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device user from accepting CRLs that are not verified on the BlackBerry MDS Connection Service when checking the status of a certificate.

Default value
The default value is No.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.0
- BlackBerry Enterprise Server version 4.0

Disable USB Mass Storage IT policy rule


Description
This rule specifies whether USB mass storage and the media transport protocol are turned on.

Default values
The default value in the Advanced security and Advanced Security with No 3rd Party Applications IT policies is Yes. The default value in all other preconfigured IT policies is No.

Usage
The media transport protocol allows a user to transfer media files to the BlackBerry device from a media card. If you change this rule to Yes, a BlackBerry device cannot access a media card that is connected to the USB port. This means that the ability to transfer files to a media card using the Roxio Media Manager with the BlackBerry Desktop Manager versions 4.2.2 and 4.3 is turned off.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.2
- BlackBerry Enterprise Server version 4.0 SP6

Disable Weak Certificate Use IT policy rule


Description

This rule specifies whether to prevent a BlackBerry device user from sending an email message using a certificate that has a corresponding weak public key.

Default value
The default value is No. A BlackBerry device warns the user that the corresponding public key is weak, but it does not prevent the user from using the certificate.

Usage
Use the IT policy rules that are provided for the TLS application, the WTLS application, the S/MIME Support Package for BlackBerry smartphones, or the PGP Support Package for BlackBerry smartphones. Configure the minimum strengths for the RSA, DSA, ECC, and Diffie-Hellman algorithm key lengths.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server for IBM Lotus Domino and Novell GroupWise version 4.0
- BlackBerry Enterprise Server for Microsoft Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Disallow Third Party Application Downloads IT policy rule


Description
This rule specifies whether a user can install an application that the Research In Motion signing authority system has not digitally signed on a BlackBerry device.

Default values
The default value in the Medium password security with No 3rd Party Applications and the Advanced security with No 3rd Party Applications IT policies is Yes. The default value in all other preconfigured IT policies is No.

Usage
This rule prevents a user from installing an unsigned third-party application that is sent over a wireless network or when a BlackBerry device is connected to the BlackBerry Desktop Manager or application loader tool. This rule applies to any unsigned applications that the BlackBerry Enterprise Server or another party sends to a BlackBerry device. If you change the value to Yes, this rule does not remove any existing third-party applications from a BlackBerry device.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect versions 2.1, 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server for IBM Lotus Domino and BlackBerry Enterprise Server for Novell GroupWise version 4.0
- BlackBerry Enterprise Server for Microsoft Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Encryption on On-Board Device Memory Media Files IT policy rule


Description
If a media card is inserted in the BlackBerry device, this rule specifies whether the media files that are located in the media card are encrypted to the user password and the device-generated key.

Default value
The default value is Allowed. If a media card is inserted in the BlackBerry device, encryption of the media files that are in the media card is allowed.

Usage
Change this rule to Required or Disallowed to prevent a user from changing this setting on the BlackBerry device.

Dependencies
A BlackBerry device can use this IT policy rule only if you also configure the Content Protection Strength IT policy rule.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 5.0
- BlackBerry Enterprise Server version 5.0 SP1

External File System Encryption Level IT policy rule


Description
This rule specifies the level of encryption that a BlackBerry device uses to encrypt files that it stores on a media card.

Default values
The default value in the Default IT policy is Not required. The default value in the Advanced Security and Advanced Security with No 3rd Party Applications IT policies is Encrypt to User Password (excluding multimedia directories).

The default value in all other preconfigured IT policies is a null value.

Usage
You can use this rule to require that a BlackBerry device encrypt a media card, either including or excluding media card files. You cannot use this rule to encrypt files that a BlackBerry device user transfers to the media card manually (for example, from a USB mass storage device).

The master keys for the media card are stored on the media card. A BlackBerry device is designed to use the master keys to decrypt and encrypt files on the media card. A BlackBerry device is designed to use the BlackBerry device key, a user-provided password, or both to encrypt the master keys.

- Change this rule to Encrypt to User Password (excluding multimedia directories) if the media card requires encryption with a password that the user provides.
- Change this rule to Encrypt to User Password (including multimedia directories) if the media card requires encryption with a password that the user provides.
- Change this rule to Encrypt to Device Key (excluding multimedia directories) if the media card requires encryption with a BlackBerry device key.
- Change this rule to Encrypt to Device Key (including multimedia directories) if the media card requires encryption with a BlackBerry device key.
- Change this rule to Encrypt to User Password and Device Key (excluding multimedia directories) if the media card requires encryption with a password that the user provides and a BlackBerry device key.
- Change this rule to Encrypt to User Password and Device Key (including multimedia directories) if the media card requires encryption with a password that the user provides and the BlackBerry device key.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.2
- BlackBerry Enterprise Server version 4.0 SP6

FIPS Level IT policy rule


Description
This rule specifies the level of FIPS compliance that your organization requires.

Default value
The default value is FIPS 140-2 Level 1 compliance.

Usage
This rule is obsolete in BlackBerry Enterprise Server versions 4.1 SP3 and later and BlackBerry Device Software versions 4.2.1 and later.

FIPS 140-2 Level 1 compliance affects the BlackBerry Cryptographic Kernel, which is the embedded cryptographic module required for basic operation of a BlackBerry device. FIPS 140-2 Level 2 compliance affects only the BlackBerry Device Software. It does not result in a BlackBerry device meeting FIPS 140-2 Level 2 hardware security requirements. If you change this rule to Level 2, a BlackBerry device prevents WTLS from using an RC encryption algorithm, which can cause problems when using WTLS.

Dependencies
If you change this rule to 2, the following additional IT policy rules are configured:
- Password Required is configured to Yes
- Minimum Password Length is configured to 5
- Suppress Password Echo is configured to Yes
- PGP Allowed Content Ciphers is configured to AES (256-bit), AES (192-bit), AES (128-bit), Triple DES
- S/MIME Allowed Content Ciphers is configured to AES (256-bit), AES (192-bit), AES (128-bit), Triple DES
- TLS Restrict FIPS Ciphers is configured to Yes
- Disallow Third Party Application Download is configured to Yes

Minimum requirements
- Java based BlackBerry device
- For FIPS Level 1 compliance, BlackBerry Device Software version 3.3
- For FIPS Level 2 compliance, BlackBerry Device Software version 4.0
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Enterprise Server version 4.0

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 to version 4.2.1.

Firewall Block Incoming Messages IT policy rule


Description
This rule specifies whether the BlackBerry device firewall prevents the BlackBerry device from processing specific types of incoming messages, including SMS text messages, MMS messages, public and organization-specific PIN messages, and BlackBerry Internet Service messages.

Note: You use the default PIN encryption key to send public PIN messages that are known to all BlackBerry devices. A BlackBerry device with an organization-specific PIN encryption key can only send and receive organization-specific PIN messages with other BlackBerry devices within your organization's network that use the same PIN encryption key.

Default value

The default value is a null value.

Usage
If you configure this rule, a BlackBerry device blocks the specified types of incoming messages at the firewall and does not notify the user that those types of messages were received. A user can specify whether to block public PIN messages on a BlackBerry device. A user cannot specify whether to block organization-specific PIN messages on a BlackBerry device.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.2
- BlackBerry Enterprise Server version 4.0 SP6

Firewall Whitelist Addresses IT policy rule


Description
This rule specifies the list of email addresses that the BlackBerry device firewall allows. A BlackBerry device receives messages from these email addresses even if the user blocks all incoming messages on a BlackBerry device.

Default value
The default value is a null value.

Usage
Specify email addresses with wildcard characters (for example, *@organization.com) to allow email messages from a specific domain.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.5
- BlackBerry Enterprise Server version 4.1 SP5

Force Content Protection Of Master Keys IT policy rule


Description
This rule specifies whether content protection for device transport keys that a BlackBerry device stores is turned on.

Default value
The default value is No.

Usage

Content protection is designed to encrypt the device transport keys on a BlackBerry device using 256-bit AES, and to store them in the BlackBerry device memory. To turn on content protection for device transport keys, you or a user must turn on content protection on the BlackBerry device. You can turn on content protection on the BlackBerry device using the Content Protection Strength IT policy rule.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.1
- BlackBerry Enterprise Server version 4.0 SP3

Force Device Password Entry While User Authentication is Enabled IT policy rule
Description
This rule specifies whether users must type their user names and BlackBerry device passwords when the user authenticator option is turned on.

Default value
The default value is No.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 5.0
- BlackBerry Enterprise Server version 5.0

Force LED Blinking When Microphone Is On IT policy rule


Description
This rule specifies whether a BlackBerry device LED flashes when the microphone is on (for example, during a call or when recording a voice message).

Default value
The default value is No.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.1
- BlackBerry Enterprise Server version 4.0 SP3

Force Lock When Closed IT policy rule


Description
This rule specifies whether BlackBerry Pearl 8220 and BlackBerry 8210 smartphones are security locked automatically when the flip is closed.

Default value
The default value is No.

Minimum requirements
- Java based BlackBerry Pearl 8220 device
- Java based BlackBerry 8210 device
- BlackBerry Device Software version 4.6
- BlackBerry Enterprise Server version 4.1 SP6

Force Lock When Holstered IT policy rule


Description
This rule specifies whether a BlackBerry device locks when a user inserts it in the holster.

Default values
The default value in the Default and Basic password security IT policies is No. The default value in all other preconfigured IT policies is Yes.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 4.0

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this IT policy rule in BlackBerry Device Software versions 4.0 and later.

Force Multi Factor Authentication IT policy rule


Description
This rule specifies whether to force the use of multifactor authentication on a BlackBerry device.

Default value

The default value is No.

Usage
To use multifactor authentication on a BlackBerry device, change this rule to Yes. If multiple authentication mechanisms are permitted, a lock icon appears on the BlackBerry device to indicate that a user cannot change it.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 5.0
- BlackBerry Enterprise Server version 5.0

Force Notifications for Keys with Medium Security Level IT policy rule
Description
This rule specifies whether a BlackBerry device displays key store notification messages for private keys with a medium security level during the lifetime of the cached key.

Default value
The default value is No. The user can turn off key store notifications for a specific key and application key usage.

Usage
If you change this rule to Yes, a BlackBerry device displays a key store notification message during the cached period when the user opens or sends an uncached secure email message. If a user opens an encrypted message, the BlackBerry device accesses the key store to obtain the private key to decrypt the message.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 5.1
- BlackBerry Enterprise Server version 5.0 SP1

Force Smart Card Reader Challenge Response while User Authentication is enabled IT policy rule
Description
This rule specifies whether a BlackBerry device requires a user to use the same BlackBerry Smart Card Reader all the time, in addition to the user authenticator password (smart card PIN), when the user turns on two-factor authentication.

Default value
The default value is No.

Usage
If you change this rule to Yes, a user must delete all of the BlackBerry device data if the BlackBerry Smart Card Reader is lost or stolen. If you change this rule to Yes, a user cannot change the Always Use Same <BlackBerry_device_name> option on a BlackBerry device from Enabled to Disabled.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 5.0
- BlackBerry Enterprise Server version 5.0
- BlackBerry Smart Card Reader version 2.0

Force Smart Card Two Factor Authentication IT policy rule


Description
This rule specifies whether a user must type a BlackBerry device password and the smart card password to unlock a BlackBerry device.

Default value
The default value is No.

Usage
If you change this rule to Yes, to unlock a BlackBerry device, a user might require an authenticator module for a smart card and must have a smart card driver and a BlackBerry Smart Card Reader driver installed on the BlackBerry device.

Dependencies
If you change this rule to Yes, the BlackBerry Enterprise Server automatically configures the Password Required IT policy rule to Yes in the same IT policy. You must configure the Password Required IT policy rule to Yes manually for a BlackBerry device that is running BlackBerry Device Software versions 4.2 and earlier.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Smart Card Reader software version 1.5
- BlackBerry Enterprise Server for IBM Lotus Domino and BlackBerry Enterprise Server for Novell GroupWise version 4.0
- BlackBerry Enterprise Server for Microsoft Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Force Smart Card Two Factor Challenge Response IT policy rule


Description
This rule specifies whether the user must choose a smart card certificate to use with smart card two-factor authentication. This feature is designed to increase the security of smart card two-factor authentication, but when it is turned on, a BlackBerry device requires more time to unlock.

Default value
The default value is No.

Usage
If you change this rule to Yes, when the user unlocks a BlackBerry device, the BlackBerry device sends a challenge to the smart card to verify the authenticator module for the smart card. If you change this rule to Yes, to use a BlackBerry device, a user must have a BlackBerry Smart Card Reader, and must install a smart card driver and a BlackBerry Smart Card Reader driver on the BlackBerry device.

Dependencies
A BlackBerry device uses this rule only if you configure the Password Required and Force Smart Card Two Factor Authentication IT policy rules to Yes.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 4.2
- BlackBerry Smart Card Reader software version 1.5
- BlackBerry Enterprise Server version 4.0 SP6

Key Store Password Maximum Timeout IT policy rule


Description
This rule specifies the maximum number of minutes that can elapse before the timeout period expires for the cached key store password and the BlackBerry device prompts the user to type the password. The permitted range is 1 through 60 minutes.

Default value
The default value is 60 minutes.

Usage
The BlackBerry device key store is the database that stores the user's private keys. The key store uses a password to protect the user's private keys. By default, the BlackBerry device caches the key store password to minimize the number of key store password prompts. If you change this rule to 0, a BlackBerry device cannot cache the key store password and cannot reduce the number of password prompts.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server for IBM Lotus Domino and BlackBerry Enterprise Server for Novell GroupWise version 4.0
- BlackBerry Enterprise Server for Microsoft Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Lock on Proximity Authenticator Disconnect IT policy rule


Description
This rule specifies whether a BlackBerry device must lock either when a user disconnects a proximity authenticator, such as the BlackBerry Smart Card Reader, or when a proximity authenticator is out of range of the BlackBerry device.

Default value
The default value in the Advanced security and Advanced security with No 3rd Party Applications IT policies is Yes. The default value in all other preconfigured IT policies is No.

Usage
This IT policy rule does not require the BlackBerry device to use a proximity authenticator. To require the BlackBerry device to use a proximity authenticator, you can configure the Force Multi Factor Authentication IT policy rule and Allowed Authentication Mechanisms IT policy rule.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 5.0
- BlackBerry Enterprise Server version 5.0 SP1

Lock on Smart Card Removal IT policy rule


Description
This rule specifies whether a BlackBerry device locks when the user removes the paired smart card from the BlackBerry Smart Card Reader or disconnects the BlackBerry Smart Card Reader from a BlackBerry device. Not all smart card reader drivers support smart card removal detection.

Default value
The default value is No.

Usage
If you change this rule to Yes, to use a BlackBerry device, users might require an authenticator module for the smart card and must have a smart card driver and a BlackBerry Smart Card Reader driver installed on the BlackBerry device.

Dependencies
If you change this rule to Yes, the BlackBerry Enterprise Server configures the Password Required and Force Smart Card Two Factor Authentication IT policy rules to Yes automatically in the same IT policy.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server for IBM Lotus Domino and Novell GroupWise version 4.0
- BlackBerry Enterprise Server for Microsoft Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Login Disclaimer IT policy rule


Description
This rule specifies the disclaimer that a BlackBerry device can display before a user unlocks the BlackBerry device for the first time after you or a user resets the BlackBerry device.

Default value
The default value is a null value.

Usage
The maximum length of a specified disclaimer is 512 characters.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 5.0
- BlackBerry Enterprise Server version 5.0 SP1

Maximum Smart Card User Authenticator Certificate Status Check Period IT policy rule
Description
This rule specifies the maximum length of time (in minutes) that can elapse between status checks of the user authentication certificates that a BlackBerry device uses with smart cards. During each period, the BlackBerry device requests the status of the certificate. If the certificate is revoked, the BlackBerry device locks and the user is unable to unlock it unless the certificate status changes from On Hold to Good. The permitted range between status checks is 240 to 40320 minutes.

Default value
The default value is -1, which specifies no time limit.

Dependencies
A BlackBerry device uses this rule only if you configure the Password Required, Force Smart Card User Authentication, and Force Smart Card Two Factor Challenge Response IT policy rules to Yes.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.5
- BlackBerry Enterprise Server version 4.1 SP5

Media Card Format on Device Wipe IT policy rule


Description
This rule specifies whether a BlackBerry device formats a media card when a user or administrator permanently deletes all data on a BlackBerry device.

Default value
The default value is Allowed.

Usage
To prevent a user from changing this setting on a BlackBerry device, change this rule to Required or Disallowed.

Dependencies
A BlackBerry device can use this IT policy rule only if you also configure the Content Protection Strength IT policy rule.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 5.0
- BlackBerry Enterprise Server version 5.0 SP1

Message Classification IT policy rule


Description
This rule specifies the set of message classifications that are available to apply to email messages sent using the BlackBerry Enterprise Server.

Default value
The default value is a null value.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.2
- BlackBerry Enterprise Server version 4.1 SP2

Message Classification Title IT policy rule


Description
This rule specifies the title of the message classification that a BlackBerry device includes when users apply the message classification to email messages.

Default value
The default value is a null value.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.3
- BlackBerry Enterprise Server version 4.1 SP4

Minimal Encryption Key Store Security Level IT policy rule


Description
This rule specifies the minimum security level of the private key that a BlackBerry device uses to encrypt email messages.

Default value
The default value is Low security. A BlackBerry device never prompts the user for the key store password when accessing the private key to encrypt messages.

Usage
If you change this rule to Medium security, a BlackBerry device prompts the user for the key store password when accessing the private key to encrypt messages only if the password is cleared from the key store cache. If you change this rule to High security, a BlackBerry device always prompts the user for the key store password when accessing the private key to encrypt messages. If the user typed the password recently, the BlackBerry device prompts the user to confirm the password. When you configure this rule, all keys must use the security level that you configure as the minimum, but a user can configure a higher security level on the BlackBerry device.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 4.0
- BlackBerry Enterprise Server version 4.0

Minimal Signing Key Store Security Level IT policy rule


Description
This rule specifies the minimum security level of the private key that a BlackBerry device uses to sign email messages.

Default value
The default value is Low security. A BlackBerry device never prompts the user for the key store password when accessing the private key to sign messages.

Usage
If you change this rule to Medium security, a BlackBerry device prompts the user for the key store password when accessing the private key to sign messages only if the password is cleared from the key store cache. If you change this rule to High security, a BlackBerry device always prompts the user for the key store password when accessing the private key to sign messages. If the user typed the password recently, the BlackBerry device prompts the user to confirm the password. When you configure this rule, keys must use the security level that you configure as the minimum, but the user can configure a higher security level on a BlackBerry device.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 4.0
- BlackBerry Enterprise Server version 4.0

Password Required for Application Download IT policy rule


Description
This rule specifies whether a BlackBerry device prompts a user for the BlackBerry device password when using the browser to download applications.

Default value
The default value is No.

Dependencies
A BlackBerry device uses this rule only if you configure the Password Required IT policy rule to Yes.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.2.2
- BlackBerry Enterprise Server version 4.1 SP4

Require Secure APB Messages IT policy rule


Description
This rule specifies whether the BlackBerry device can receive email messages that are not secure, including APB messages from a BlackBerry Enterprise Server.

Default value
The default value is No.

Usage
A BlackBerry device can receive all email messages from the BlackBerry Enterprise Server that are not blocked at the BlackBerry device firewall unless you change this rule to Yes.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.2
- BlackBerry Enterprise Server version 4.0 SP6

Required Password Pattern IT policy rule


Description
This rule specifies the permitted structure of a BlackBerry device password.
Passwords can contain Latin-1 characters only.

Default value
The default value is a null value.

Usage
Use the following characters in the password pattern to specify the character type that is permitted and its position in the password:
- a: Permits any letter.
- A: Permits an uppercase letter only.
- c: Permits any consonant letter.
- C: Permits an uppercase consonant letter only.
- v: Permits any vowel.
- V: Permits an uppercase vowel only.
- N, n, or #: Permits a number only.
- S, s, or @: Permits a symbol only.
- ?: Permits any letter, number, or symbol.

If you configure this rule, the user can create a password that is greater than or equal to the length of the pattern on a BlackBerry device. Password characters that exceed the pattern length can be any letters, numbers, or symbols.

Attention: Preventing a particular password character reduces the entropy level and security level of the password.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.2
- BlackBerry Enterprise Server version 4.0 SP6
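
The pattern characters listed under Usage for the Required Password Pattern rule amount to one permitted character set per password position. The following Python code is an added example, not BlackBerry code: it checks candidate passwords against a pattern and measures how many bits of entropy a pattern removes, which is the effect the Attention note describes. It assumes ASCII letters only, the vowels a, e, i, o, u, and symbols taken from Python's string.punctuation; the function names and the sample pattern are hypothetical.

```python
import math
import string

# Assumptions (not from the guide): letters are ASCII only, vowels are
# a/e/i/o/u, and a symbol is any character in string.punctuation.
LETTERS = set(string.ascii_letters)
UPPER = set(string.ascii_uppercase)
VOWELS = set("aeiouAEIOU")
CONSONANTS = LETTERS - VOWELS
DIGITS = set(string.digits)
SYMBOLS = set(string.punctuation)
ANY = LETTERS | DIGITS | SYMBOLS

# One permitted character set per pattern character, as listed under Usage.
PATTERN_CLASSES = {
    "a": LETTERS, "A": UPPER,
    "c": CONSONANTS, "C": CONSONANTS & UPPER,
    "v": VOWELS, "V": VOWELS & UPPER,
    "N": DIGITS, "n": DIGITS, "#": DIGITS,
    "S": SYMBOLS, "s": SYMBOLS, "@": SYMBOLS,
    "?": ANY,
}


def parse_pattern(pattern):
    """Return the permitted character set for each position of the pattern."""
    classes = []
    for pos, symbol in enumerate(pattern, start=1):
        if symbol not in PATTERN_CLASSES:
            raise ValueError(f"unknown pattern character {symbol!r} at position {pos}")
        classes.append(PATTERN_CLASSES[symbol])
    return classes


def check_password(pattern, password):
    """Return (accepted, reason) for a candidate password."""
    try:
        password.encode("latin-1")  # passwords can contain Latin-1 characters only
    except UnicodeEncodeError:
        return False, "contains a character outside Latin-1"
    classes = parse_pattern(pattern)
    if len(password) < len(classes):
        return False, f"shorter than the {len(classes)}-character pattern"
    for pos, (char, allowed) in enumerate(zip(password, classes), start=1):
        if char not in allowed:
            return False, f"position {pos} does not match {pattern[pos - 1]!r}"
    # Characters beyond the pattern length are not constrained by the pattern.
    return True, "ok"


def pattern_entropy_bits(pattern, length=None):
    """Entropy of a uniformly random password of `length` that fits the pattern."""
    classes = parse_pattern(pattern)
    length = len(classes) if length is None else length
    if length < len(classes):
        raise ValueError("length is shorter than the pattern")
    bits = sum(math.log2(len(allowed)) for allowed in classes)
    return bits + (length - len(classes)) * math.log2(len(ANY))


def entropy_loss_bits(pattern, length=None):
    """Bits removed by the pattern compared with an unconstrained password."""
    length = len(pattern) if length is None else length
    return length * math.log2(len(ANY)) - pattern_entropy_bits(pattern, length)


if __name__ == "__main__":
    pattern = "Aaaa##@?"  # constructed sample pattern
    for candidate in ("Wxyz12!k", "wxyz12!k", "Wxyz12!", "Wxyz12!kMore"):
        print(candidate, check_password(pattern, candidate))
    print(f"entropy: {pattern_entropy_bits(pattern):.2f} bits, "
          f"loss: {entropy_loss_bits(pattern):.2f} bits")
```
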

Reset to Factory Defaults on Wipe IT policy rule


Description
This rule specifies whether a BlackBerry device resets to the factory default settings when it receives the Delete all device data and disable device IT administration command over the wireless network. The previous name of this rule was Remote Wipe Reset to Factory Defaults.

Default value
The default value is No.

Usage
Change this rule to Yes to require a BlackBerry device to delete its stored IT policy permanently, delete all third-party applications, and delete all user data after it receives the IT administration command.

For BlackBerry devices that are running BlackBerry Device Software version 5.0 and later, this rule is enforced both remotely (when an administrator erases the data on a BlackBerry device remotely) and locally (for example, when the user exceeds the maximum password attempts or erases all data on the BlackBerry device). For BlackBerry devices that are running BlackBerry Device Software versions that are earlier than version 5.0, this rule is enforced only when an administrator erases the data remotely.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.2.2
- BlackBerry Enterprise Server version 4.1 SP4

Secure Wipe Delay After IT Policy Received IT policy rule


Description
This rule specifies the length of time (in hours) that can elapse after a BlackBerry device receives an IT policy update or an IT administration command before the BlackBerry device deletes all user data. The permitted range is 2 through 720 hours.

Default value
The default value is Disabled.

Usage
Use this rule to require that a BlackBerry device that cannot receive IT policy updates or IT administration commands delete user data after a specific period of time.

Dependencies
If you configure this rule, to prevent the BlackBerry device from deleting user data unexpectedly, configure the Policy Resend Interval in the BlackBerry Administration Service on the BlackBerry Enterprise Server to a lower value than the value that you configure in this rule.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.2
- BlackBerry Enterprise Server version 4.0 SP6

Secure Wipe Delay After Lock IT policy rule


Description
This rule specifies the length of time (in hours) that can elapse after a BlackBerry device locks before the device deletes all user data. The permitted range is 2 through 720 hours.

Default setting
The default setting is Disabled.

Usage
Use this rule to require that a BlackBerry device delete the user data if the user has not unlocked the BlackBerry device within the specified period of time.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.2
- BlackBerry Enterprise Server version 4.0 SP6

Secure Wipe if Low Battery IT policy rule


Description
This rule specifies whether a BlackBerry device deletes all user data if the battery power level is too low.

Default value
The default value is No.

Usage
Use this rule to require that a BlackBerry device that cannot receive IT policy updates or IT administration commands deletes user data when the battery power level is too low.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Device Software version 4.2
- BlackBerry Enterprise Server version 4.0 SP6

Security Service Colors IT policy rule


Description
This rule specifies two background colors for email messages that a BlackBerry device receives. Configure the colors in red-green-blue hexadecimal format. The first color represents the background color of email messages that a BlackBerry device receives from the same BlackBerry Enterprise Server that sent the IT policy. The second color represents the background color of email messages that a BlackBerry device receives from other services (for example, from the BlackBerry Internet Service).

Default value
The default value is a null value.

Usage
You might configure this rule to one of the following example colors:
- 0xffffff: white
- 0x000000: black
- 0xff0000: red
- 0x00ff00: green
- 0x0000ff: blue

Minimum requirements
- Java based BlackBerry device
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 4.0
- BlackBerry Enterprise Server version 4.0

Security Transcoder Cod File Hashes IT policy rule


Description
This rule specifies which .cod files a BlackBerry device permits to register as transcoders.

Attention: If you specify third-party applications that can use the Transcoder API on a BlackBerry device, those applications might impact the security, usability, and performance of the BlackBerry Enterprise Solution. For more information, see the BlackBerry Enterprise Solution Security Technical Overview.

Default value
The default value is a null value.

Usage
To permit a third-party encryption scheme to be used in conjunction with BlackBerry Enterprise Solution encryption, configure hashes in hexadecimal format, separated by commas. A BlackBerry device reads this information from the command javaloader siblinginfo <implementation_file.cod>.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.5
- BlackBerry Enterprise Server version 4.1 SP5

Trusted Certificate Thumbprints IT policy rule


Description
This rule specifies the Hex-ASCII certificate thumbprints used on a BlackBerry device that are generated using the SHA-1, MD5, SHA-256, or SHA-512 algorithm. Separate multiple thumbprints with semi-colons (;).

Default value
The default value is a null value.

Usage
If you configure this rule, a user can only add certificates to the trusted key store that use the thumbprints that appear in the defined list. The SHA-256 algorithm and SHA-512 algorithm require BlackBerry Device Software version 5.1 or later.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software versions 4.0 and later.
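
To show the value format that the Trusted Certificate Thumbprints rule describes, the following Python code is an added example, not BlackBerry code: it computes thumbprints over DER-encoded certificate bytes, joins them with semicolons, and checks an existing rule value entry by entry. The function names, the uppercase hex output, and the sample bytes are assumptions made for the example.

```python
import hashlib
import string

# Hex-ASCII length of each digest the rule accepts (digest bits / 4).
DIGEST_BY_HEX_LENGTH = {32: "MD5", 40: "SHA-1", 64: "SHA-256", 128: "SHA-512"}
HASHLIB_NAMES = {"MD5": "md5", "SHA-1": "sha1", "SHA-256": "sha256", "SHA-512": "sha512"}
# Per the Usage text, these digests need BlackBerry Device Software 5.1 or later.
NEEDS_DEVICE_SOFTWARE_5_1 = {"SHA-256", "SHA-512"}


def thumbprint(der_bytes, digest="SHA-1"):
    """Hex thumbprint of a DER-encoded certificate (uppercase is an assumption)."""
    return hashlib.new(HASHLIB_NAMES[digest], der_bytes).hexdigest().upper()


def build_rule_value(thumbprints):
    """Join thumbprints with semicolons, as the rule description requires."""
    return ";".join(thumbprints)


def lint_rule_value(value):
    """Classify every entry of a rule value and note anything that needs attention."""
    findings = []
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue  # tolerate a trailing semicolon
        if any(ch not in string.hexdigits for ch in entry):
            # For example, a fingerprint pasted with ':' separators.
            findings.append({"thumbprint": entry, "digest": None,
                             "note": "not Hex-ASCII"})
            continue
        digest = DIGEST_BY_HEX_LENGTH.get(len(entry))
        if digest is None:
            note = f"length {len(entry)} matches no supported digest"
        elif digest in NEEDS_DEVICE_SOFTWARE_5_1:
            note = "requires BlackBerry Device Software version 5.1 or later"
        else:
            note = None
        findings.append({"thumbprint": entry, "digest": digest, "note": note})
    return findings


if __name__ == "__main__":
    # Constructed stand-in for the DER bytes of a real certificate.
    sample_der = b"constructed stand-in for DER certificate bytes"
    value = build_rule_value([
        thumbprint(sample_der, "SHA-1"),
        thumbprint(sample_der, "SHA-256"),
        "AB:CD:EF",  # constructed malformed entry
    ])
    print(value)
    for finding in lint_rule_value(value):
        print(finding["digest"], finding["note"])
```
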

Two Factor Content Protection Usage IT policy rule


Description
This rule specifies whether a user can turn on two-factor content protection on a BlackBerry device.

Default value
The default value is Allowed. A user can turn on two-factor content protection on a BlackBerry device.

Usage
Two-factor content protection on the BlackBerry device is designed to protect the content protection decryption keys with both a private key that is stored on a smart card and the BlackBerry device password. When a user turns on two-factor content protection, the BlackBerry device requires more time to unlock than when two-factor content protection is not turned on. To unlock the BlackBerry device, the user must have the appropriate smart card driver and a supported driver for the smart card reader installed on the BlackBerry device. You cannot reset the BlackBerry device password after you or a user turns on two-factor content protection. To restore the content protection decryption keys and unlock the BlackBerry device, the user must have the smart card and must know the BlackBerry device password and the PIN for the smart card.

Dependencies
If you change this rule to Required, the BlackBerry device can use this rule only if you also configure the Content Protection Strength IT policy rule and change the value of the Force Smart Card Two Factor Authentication IT policy rule to Yes. Alternatively, instead of changing the value of the Force Smart Card Two Factor Authentication IT policy rule to Yes, you can change the value of the Force Multi Factor Authentication IT policy rule to Yes and change the Allowed Authentication Mechanisms IT policy rule to use only a smart card user authenticator.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 5.0
- BlackBerry Enterprise Server version 5.0 SP1

Weak Digest Algorithms IT policy rule


Description
This rule specifies the digest algorithms that a BlackBerry device considers weak. When a BlackBerry device sends email messages, it uses the algorithms that it considers strong to digitally sign the messages. A BlackBerry device uses the list of weak digest algorithms to verify the following data:
- algorithms that are used to digitally sign messages that a BlackBerry device receives are strong enough
- certificate chains for the certificates that are used to sign messages that a BlackBerry device receives are strong enough

Default value
By default, no algorithms are specified as weak.

Usage
Specify a list of algorithms that a BlackBerry device considers weak. This prevents a user from sending an S/MIME-encrypted or PGP-encrypted message using a certificate or key that has a corresponding public key that is weak. You cannot specify SHA-384 and SHA-512 as weak algorithms.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.3
- BlackBerry Enterprise Server version 4.1 SP5

S/MIME Application policy group


The IT policy rules in the S/MIME Application policy group apply to BlackBerry devices running the S/MIME Support Package for BlackBerry smartphones. For more information about using the S/MIME Support Package for BlackBerry smartphones, see the S/MIME Support Package for BlackBerry Devices Security Technical Overview.

Entrust Messaging Server (EMS) Email Address IT policy rule


Description
This rule specifies the email address for your organization's Entrust Entelligence Messaging Server.

Default value
The default value is a null value.

Usage
Use a null value if your organization does not use an Entrust Entelligence messaging server.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 4.0
- BlackBerry Enterprise Server version 4.0 SP3
- S/MIME Support Package for BlackBerry smartphones version 4.0

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

S/MIME Allowed Content Ciphers IT policy rule


Description
This rule specifies the encryption algorithms that a BlackBerry device can use to encrypt S/MIME-protected messages.

Default value
The default value is to use all supported algorithms.

Usage
To maintain compatibility with most S/MIME clients, use Triple DES encryption and one of the RC2 algorithms. By default, a BlackBerry device is designed to encrypt email messages using Triple DES encryption if it does not know the decryption capabilities available to the recipient.

Dependencies
If you configure the FIPS Level IT policy rule to 2, a BlackBerry device uses AES (256-bit), AES (192-bit), AES (128-bit), and Triple DES encryption.

Minimum requirements
- Java based BlackBerry device
- S/MIME Support Package for BlackBerry smartphones version 1.5
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 4.0 SP3

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

S/MIME Allowed Encrypted Attachment Mode IT policy rule


Description
This rule specifies the mode for retrieving S/MIME-protected attachment information on a BlackBerry device.

Default value
The default value is Automatic. A BlackBerry device requests decrypted attachment information from the BlackBerry Enterprise Server automatically when a user opens S/MIME-protected messages that contain attachments.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.5
- BlackBerry Enterprise Server version 4.1 SP5

S/MIME Allowed Encryption Types IT policy rule


Description
This rule specifies the types of encryption that a BlackBerry device can use with S/MIME-protected messaging.

Default value
The default value is Both. The BlackBerry device uses certificate-based encryption and password-based encryption.

Usage
You can configure this rule to Certificate-based encryption only or to Password-based encryption only.

Minimum requirements
- Java based BlackBerry device
- BlackBerry Device Software version 4.6
- BlackBerry Enterprise Server version 4.1 SP6
- S/MIME Support Package for BlackBerry smartphones version 4.0

S/MIME Blind Copy Address IT policy rule


Description
This rule specifies an email address that is added as a BCC recipient to all sent S/MIME-protected messages.

Default value
The default value is a null value.

Minimum requirements
- Java based BlackBerry device
- S/MIME Support Package for BlackBerry smartphones version 1.5
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 4.0 SP3

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

S/MIME Force Digital Signature IT policy rule


Description
This rule specifies whether a BlackBerry device sends all S/MIME-protected messages digitally signed.

Default value
The default value is No.

Minimum requirements
- Java based BlackBerry device
- S/MIME Support Package for BlackBerry smartphones version 1.5
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 4.0 SP3

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

S/MIME Force Encrypted Messages IT policy rule


Description
This rule specifies whether a BlackBerry device encrypts all messages that it sends using S/MIME encryption.

Default value
The default value is No.

Minimum requirements
- Java based BlackBerry device
- S/MIME Support Package for BlackBerry smartphones version 1.5
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 4.0 SP3

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

S/MIME Force Smartcard Use IT policy rule


Description
This rule specifies whether all operations that use certificates on a BlackBerry device must be performed while the device is attached to a BlackBerry Smart Card Reader.

Default value
The default value is No.

Minimum requirements
- Java based BlackBerry device
- S/MIME Support Package for BlackBerry smartphones version 1.5
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 4.0 SP3

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

S/MIME Minimum Strong DH Key Length IT policy rule


Description
This rule specifies the minimum Diffie-Hellman key size (in bits) to use with S/MIME-protected messages. The permitted range is 512 through 4096 bits.

Default value
The default value is 1024 bits.

Minimum requirements
- Java based BlackBerry device
- S/MIME Support Package for BlackBerry smartphones version 1.5
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 4.0 SP3

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

S/MIME Minimum Strong DSA Key Length IT policy rule


Description
This rule specifies the minimum DSA key size (in bits) to use with S/MIME-protected messages. The permitted range is 512 through 1024 bits.

Default value
The default value is 1024 bits.

Minimum requirements
- Java based BlackBerry device
- S/MIME Support Package for BlackBerry smartphones version 1.5
- BlackBerry Application Suite version 1.0
- BlackBerry Connect version 4.0
- BlackBerry Device Software version 3.6
- BlackBerry Enterprise Server version 4.0 SP3

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

S/MIME Minimum Strong ECC Key Length IT policy rule


Description
This rule specifies the minimum ECC key size (in bits) to use with S/MIME-protected messages. The permitted range is 163 through 571 bits.

Default value
The default value is 163 bits.

Minimum requirements
Java based BlackBerry device
S/MIME Support Package for BlackBerry smartphones version 1.5
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0
BlackBerry Device Software version 3.6
BlackBerry Enterprise Server version 4.0 SP3

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

S/MIME Minimum Strong RSA Key Length IT policy rule


Description
This rule specifies the minimum RSA key size (in bits) to use with S/MIME-protected messages. The permitted range is 512 through 4096 bits.

Default value
The default value is 1024 bits.

Minimum requirements
Java based BlackBerry device
S/MIME Support Package for BlackBerry smartphones version 1.5
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0
BlackBerry Device Software version 3.6
BlackBerry Enterprise Server version 4.0 SP3

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.

S/MIME More All and Send Mode IT policy rule


Description
This rule specifies the mode that a BlackBerry device uses to retrieve the complete text of an email message when a user replies to or forwards that email message.

Default value
The default value is Manual. A BlackBerry device user must request the complete text of the email message when the user replies to or forwards that email message.

Usage
Change this rule to Automatic to retrieve the complete text of the email message automatically.

Minimum requirements
Java based BlackBerry device
BlackBerry Device Software version 5.1
BlackBerry Enterprise Server version 5.0 SP1

Service Exclusivity policy group


Allow Other Browser Services IT policy rule
Description
This rule specifies whether a BlackBerry device can use other browser services.

Default value
The default value is Yes.

Usage
Change this rule to No to require that a BlackBerry device send browser data through your organization's BlackBerry Enterprise Server, and to prevent a user from installing other browser services on a BlackBerry device.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0 (internal)
BlackBerry Device Software version 3.6
BlackBerry Enterprise Server version 3.5

Allow Other Calendar Services IT policy rule


Description
This rule specifies whether a BlackBerry device user can use calendar services other than the standard calendar application on a BlackBerry device.

Default value
The default value is Yes.

Usage
Change this rule to No to require that a BlackBerry device user in your organization send appointments using a BlackBerry Enterprise Server within your organization's environment.

Minimum requirements
Java based BlackBerry device
BlackBerry Device Software version 4.3
BlackBerry Enterprise Server version 4.1 SP5

Allow Other Message Services IT policy rule


Description
This rule specifies whether a BlackBerry device can use other email message services.

Default value
The default value is Yes.

Usage
Change this rule to No to require that a BlackBerry device user send outgoing email messages through your organization's BlackBerry Enterprise Server and to prevent a user from sending email messages using other email message services. This rule does not prevent a user from receiving email messages on a BlackBerry device from other email message services.

Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.5
Java based BlackBerry device that is running BlackBerry Device Software version 3.6
BlackBerry Application Suite version 1.0
BlackBerry Connect version 2.1
BlackBerry Enterprise Server version 3.5

Allow Public AIM Services IT policy rule


Description
This rule specifies whether a user can use AOL Instant Messenger (AIM service) on a BlackBerry device.

Default value
The default value is Yes.

Usage
Change this rule to No to prevent communication using AIM on a BlackBerry device.

Minimum requirements
BlackBerry Application Suite version 1.0
BlackBerry Enterprise Server version 3.6 SP6

Allow Public Google Talk Services IT policy rule


Description
This rule specifies whether a user can use Google Talk on a BlackBerry device.

Default value
The default value is Yes.

Usage
Change this rule to No to prevent communication using Google Talk on a BlackBerry device. If you change this rule to No and a user has downloaded the Google Talk for BlackBerry devices application, the Google Talk for BlackBerry devices icon remains on the Home screen. If a user tries to sign into the application, a message appears indicating that the application cannot be used.

Minimum requirements
BlackBerry Application Suite version 1.0
BlackBerry Enterprise Server version 4.0 SP4

Allow Public ICQ Services IT policy rule


Description
This rule specifies whether a user can use ICQ on a BlackBerry device.

Default value
The default value is Yes.

Usage
Change this rule to No to prevent communication using ICQ on a BlackBerry device.

Minimum requirements
BlackBerry Application Suite version 1.0
BlackBerry Enterprise Server version 3.6 SP6

Allow Public IM Services IT policy rule


Description
This rule specifies whether a user can use public instant messaging applications for BlackBerry devices.

Default value
The default value is Yes.

Usage
Change this rule to No to prevent using public instant messaging services on a BlackBerry device. This rule applies to all Research In Motion public instant messaging services for BlackBerry devices that were released after the first availability of this rule. To prevent a user from using Yahoo! Messenger for BlackBerry smartphones version 1.0 on a BlackBerry device, configure the Allow Public Yahoo! Messenger Services IT policy rule.

Minimum requirements
BlackBerry Application Suite version 1.0
BlackBerry Enterprise Server version 4.0 SP4

Allow Public WLM Services IT policy rule


Description
This rule specifies whether a user can use Windows Live Messenger on a BlackBerry device.

Default setting
The default value is Yes.

Usage
Change this rule to No to prevent communication using Windows Live Messenger on a BlackBerry device.

Minimum requirements
BlackBerry Enterprise Server version 4.1 SP5

Allow Public Yahoo! Messenger Services IT policy rule


Description
This rule specifies whether a user can use Yahoo! Messenger on a BlackBerry device.

Default value
The default value is Yes.

Usage
Change this rule to No to prevent communication using Yahoo! Messenger on a BlackBerry device.

Minimum requirements
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0
BlackBerry Enterprise Server version 3.6 SP4

Allow T-Mobile Mobile Backup Contact Sync IT policy rule


Description
This rule specifies whether T-Mobile Mobile Backup can run on a BlackBerry device.

Default value
The default value is Disabled. A BlackBerry device user cannot synchronize contacts with the T-Mobile Mobile Backup.

Usage
Change this rule to Enabled to permit a BlackBerry device user to synchronize contacts with the T-Mobile Mobile Backup. Change this rule to Faves to permit a BlackBerry device user to synchronize only the contacts that are included in the user's MyFaves plan with the T-Mobile Mobile Backup.

Minimum requirements
Java based BlackBerry device
BlackBerry Device Software version 5.0
BlackBerry Enterprise Server version 5.0

SIM Application Toolkit policy group


Disable Network Location Query IT policy rule
Description
This rule specifies whether to prevent a wireless network or SIM card from querying a BlackBerry device for certain location-related information.

Default setting
The default setting is No.

Usage
The information that the SIM card can query is limited to the current wireless network and cell identities, BlackBerry device IMEI, date, time, and some measurement results.

Minimum requirements
Java based BlackBerry device
S/MIME Support Package for BlackBerry smartphones version 4.0
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0
BlackBerry Device Software version 3.6
BlackBerry Enterprise Server version 4.0 SP3

Disable SIM Call Control IT policy rule


Description
This rule specifies whether to prevent a SIM card from changing a call, a supplementary service request, or an SMS text message.

Default setting
The default setting is No.

Minimum requirements
Java based BlackBerry device
S/MIME Support Package for BlackBerry smartphones version 4.0
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0
BlackBerry Device Software version 3.6
BlackBerry Enterprise Server version 4.0 SP3

Disable SIM Originated Calls IT policy rule


Description
This rule specifies whether to prevent a SIM card from making a call, performing a supplementary service operation, or sending an SMS text message.

Default setting
The default setting is No.

Minimum requirements
Java based BlackBerry device
S/MIME Support Package for BlackBerry smartphones version 4.0
BlackBerry Connect version 4.0
BlackBerry Application Suite version 1.0
BlackBerry Device Software version 3.6
BlackBerry Enterprise Server version 4.0 SP3

Smart Dialing policy group


The rules in the Smart Dialing policy group are obsolete in BlackBerry Enterprise Server version 5.0 and later. Instead, consider configuring the Restrict Incoming Cellular Calls rule and Restrict Outgoing Cellular Calls rule in the Firewall policy group.

Enable Smart Dialing Policy IT policy rule


Description
This rule specifies whether smart dialing for VoIP calls is available on a BlackBerry device.

Default setting
The default setting is Yes.

Usage
This rule is obsolete in BlackBerry Enterprise Server versions 4.1 SP4 and later and BlackBerry Device Software versions 4.0.2 and later. Instead, consider configuring the Restrict Incoming Cellular Calls rule and Restrict Outgoing Cellular Calls rule in the Firewall policy group.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Device Software version 4.0
BlackBerry Enterprise Server version 4.0 SP1

Set Local Area Code IT policy rule


Description
This rule specifies the local area code for phone numbers.

Default value
The default value is a null value.

Usage
This rule is obsolete in BlackBerry Enterprise Server versions 4.1 SP4 and later and BlackBerry Device Software versions 4.0.2 and later. Instead, consider configuring the Restrict Incoming Cellular Calls rule and Restrict Outgoing Cellular Calls rule in the Firewall policy group.

Dependencies
A BlackBerry device uses this rule only if you configure the Enable Smart Dialing IT policy rule to Yes.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Device Software version 4.0
BlackBerry Enterprise Server version 4.0 SP1

Set Local Country Code IT policy rule


Description
This rule specifies the local country code for phone numbers.

Default value
The default value is a null value.

Usage
This rule is obsolete in BlackBerry Enterprise Server versions 4.1 SP4 and later and BlackBerry Device Software versions 4.0.2 and later. Instead, consider configuring the Restrict Incoming Cellular Calls rule and Restrict Outgoing Cellular Calls rule in the Firewall policy group.

Dependencies
A BlackBerry device uses this rule only if you configure the Enable Smart Dialing IT policy rule to Yes.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Device Software version 4.0
BlackBerry Enterprise Server version 4.0 SP1

Set National Number Length IT policy rule


Description
This rule specifies the length of the national phone number.

Default value
The default value is a null value.

Usage
This rule is obsolete in BlackBerry Enterprise Server versions 4.1 SP4 and later and BlackBerry Device Software versions 4.0.2 and later. Instead, consider configuring the Restrict Incoming Cellular Calls rule and Restrict Outgoing Cellular Calls rule in the Firewall policy group.

Dependencies
A BlackBerry device uses this rule only if you configure the Enable Smart Dialing IT policy rule to Yes.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Device Software version 4.0
BlackBerry Enterprise Server version 4.0 SP1

Smart Dialing Allow Device Changes IT policy rule


Description
This rule specifies whether a BlackBerry device user can change the smart dialing options.

Default value
The default value is Yes.

Usage
This rule is obsolete in BlackBerry Enterprise Server versions 4.1 SP4 and later and BlackBerry Device Software versions 4.2.2 and later. Instead, consider configuring the Restrict Incoming Cellular Calls rule and Restrict Outgoing Cellular Calls rule in the Firewall policy group.

Dependencies
A BlackBerry device uses this rule only if you configure the Enable Smart Dialing IT policy rule to Yes.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Device Software version 4.0
BlackBerry Enterprise Server version 4.0 SP1

TCP policy group


TCP APN IT policy rule
Description
This rule specifies whether a default APN is required when a BlackBerry device uses TCP. The length of this string is limited to 120 characters.

Default value
The default value is a null value.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0
BlackBerry Device Software version 4.0
BlackBerry Enterprise Server version 4.0

TCP Password IT policy rule


Description
This rule specifies whether a default APN password must be used when a BlackBerry device uses TCP. The length of this string is limited to 32 characters.

Default value
The default value is a null value.

Minimum requirements
Java based BlackBerry device
BlackBerry Device Software version 4.0
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0
BlackBerry Enterprise Server version 4.0

TCP Username IT policy rule


Description
This rule specifies whether a default APN user name is required when a BlackBerry device uses TCP. The length of this string is limited to 32 characters.

Default value
The default value is a null value.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0
BlackBerry Device Software version 4.0
BlackBerry Enterprise Server version 4.0

TLS Application policy group


TLS Device Side Only IT policy rule
Description
This rule specifies whether a BlackBerry device and the BlackBerry Enterprise Server can use proxy mode TLS or proxy mode HTTPS.

Default value
The default value is No.

Usage
If you change this rule to Yes, all HTTPS connections must use TLS on the BlackBerry device. If you change this rule and TLS is not available on the BlackBerry device, an exception occurs.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0
BlackBerry Device Software version 4.0
BlackBerry Enterprise Server version 4.0

TLS Disable Invalid Connection IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device from permitting TLS connections to servers that have invalid certificates.

Default value
The default value is Prompt user on BlackBerry device.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0
BlackBerry Device Software version 3.6.1
BlackBerry Enterprise Server version 3.6

TLS Disable Untrusted Connection IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device from permitting TLS connections to untrusted servers.

Default value
The default value is Prompt user on BlackBerry device.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0
BlackBerry Device Software version 3.6.1
BlackBerry Enterprise Server version 3.6

TLS Disable Weak Ciphers IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device from using weak algorithms over TLS connections.

Default value
The default value is Prompt user on BlackBerry device.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0
BlackBerry Device Software version 3.6.1
BlackBerry Enterprise Server version 3.6

TLS Disable Weak Digests IT policy rule


Description
This rule specifies whether a BlackBerry device can use weak digests during TLS connections.

Default value
The default value for BlackBerry devices that are running BlackBerry Device Software versions that are earlier than version 5.0 is Allow weak digests. The default value for BlackBerry devices that are running BlackBerry Device Software version 5.0 and later is Disable weak digests.

Minimum requirements
Java based BlackBerry device
BlackBerry Device Software version 4.7.1
BlackBerry Enterprise Server version 5.0 SP1

TLS Minimum Strong DH Key Length IT policy rule


Description
This rule specifies the minimum DH key size (in bits) to use over TLS connections. The permitted range is 512 through 4096 bits.

Default value
The default value on a BlackBerry device is 1024 bits. The default value on the BlackBerry Enterprise Server is 512 bits.

Usage
If you configure the minimum key size on the BlackBerry Enterprise Server to be higher than the minimum key size on a BlackBerry device, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is less than the minimum key size on the BlackBerry Enterprise Server. For example, when a user browses to a secure web site that uses a 512-bit DH key in its certificate, the BlackBerry device prompts the user to trust the web site. If the user trusts the web site and selects the Don't Ask Again option, the minimum key size on the BlackBerry device is configured to 512 bits. If you set the minimum key size on the BlackBerry Enterprise Server to 2048 bits, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is less than 2048 bits.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0
BlackBerry Device Software version 3.6.1
BlackBerry Enterprise Server version 3.6

TLS Minimum Strong DSA Key Length IT policy rule


Description
This rule specifies the minimum DSA key size (in bits) to use over TLS connections. The permitted range is 512 through 1024 bits.

Default value
The default value on a BlackBerry device is 1024 bits. The default value on the BlackBerry Enterprise Server is 512 bits.

Usage
If you configure the minimum key size on the BlackBerry Enterprise Server to be higher than the minimum key size on the BlackBerry device, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is less than the minimum key size on the BlackBerry Enterprise Server. For example, when a user browses to a secure web site that uses a 512-bit DSA key in its certificate, the BlackBerry device prompts the user to trust the web site. If the user trusts the web site and selects the Don't Ask Again option, the minimum key size on the BlackBerry device is configured to 512 bits. If you configure the minimum key size on the BlackBerry Enterprise Server to 1024 bits, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is less than 1024 bits.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0
BlackBerry Device Software version 3.6.1
BlackBerry Enterprise Server version 3.6 SP1

TLS Minimum Strong ECC Key Length IT policy rule


Description
This rule specifies the minimum ECC key size (in bits) to use over TLS connections. The permitted range is 160 through 571 bits.

Default value
The default value on a BlackBerry device is 163 bits. The default value on the BlackBerry Enterprise Server is 160 bits.

Usage
If you configure the minimum key size on the BlackBerry Enterprise Server to be higher than the minimum key size on the BlackBerry device, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is less than the minimum key size on the BlackBerry Enterprise Server. For example, when a user browses to a secure web site that uses a 160-bit ECC key in its certificate, the BlackBerry device prompts the user to trust the web site. If the user trusts the web site and selects the Don't Ask Again option, the minimum key size on the BlackBerry device is configured to 160 bits. If you configure the minimum key size on the BlackBerry Enterprise Server to 233 bits, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is less than 233 bits.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0
BlackBerry Device Software version 3.6.1
BlackBerry Enterprise Server version 3.6

TLS Minimum Strong RSA Key Length IT policy rule


Description
This rule specifies the minimum RSA key size (in bits) to use over TLS connections. The permitted range is 512 through 4096 bits.

Default value
The default value on the BlackBerry device is 1000 bits. The default value on the BlackBerry Enterprise Server is 512 bits.

Usage
If you configure the minimum key size on the BlackBerry Enterprise Server to be higher than the minimum key size on the BlackBerry device, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is less than the minimum key size on the BlackBerry Enterprise Server. For example, when a user browses to a secure web site that uses a 512-bit RSA key in its certificate, the BlackBerry device prompts the user to trust the web site. If the user trusts the web site and selects the Don't Ask Again option, the minimum key size on the BlackBerry device is configured to 512 bits. If you configure the minimum key size on the BlackBerry Enterprise Server to 2048 bits, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is less than 2048 bits.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0
BlackBerry Device Software version 3.6.1
BlackBerry Enterprise Server version 3.6
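
The prompt behaviour described in the Usage text of the four TLS Minimum Strong key length rules, modelled as an added Python example (not code from the BlackBerry documentation). The names `TLS_MIN_KEY_RULES`, `check_permitted`, `TlsKeyLengthState` and `replay` are hypothetical, and treating the prompt threshold as the higher of the device-side and BlackBerry Enterprise Server-side minimums is an assumed reading of the Usage text.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Values in bits, taken from the rule descriptions above:
# algorithm: (permitted low, permitted high, device default, BES default)
TLS_MIN_KEY_RULES = {
    "DH": (512, 4096, 1024, 512),
    "DSA": (512, 1024, 1024, 512),
    "ECC": (160, 571, 163, 160),
    "RSA": (512, 4096, 1000, 512),
}


def check_permitted(algorithm: str, bits: int) -> int:
    """Return bits if it lies inside the rule's permitted range, else raise."""
    low, high, _, _ = TLS_MIN_KEY_RULES[algorithm]
    if not low <= bits <= high:
        raise ValueError(
            f"TLS Minimum Strong {algorithm} Key Length: "
            f"{bits} is outside the permitted range {low}-{high}"
        )
    return bits


@dataclass
class TlsKeyLengthState:
    """Device-side and BES-side minimum key sizes for one algorithm."""

    algorithm: str
    bes_min: Optional[int] = None     # None: rule left at the BES default
    device_min: Optional[int] = None  # None: device default

    def __post_init__(self) -> None:
        _, _, device_default, bes_default = TLS_MIN_KEY_RULES[self.algorithm]
        chosen = bes_default if self.bes_min is None else self.bes_min
        self.bes_min = check_permitted(self.algorithm, chosen)
        if self.device_min is None:
            self.device_min = device_default

    def prompts_user(self, cert_key_bits: int) -> bool:
        # Assumed reading of the Usage text: the device prompts when the
        # certificate key is smaller than the higher of the two minimums.
        return cert_key_bits < max(self.device_min, self.bes_min)

    def trust_dont_ask_again(self, cert_key_bits: int) -> None:
        # Per the Usage text, trusting a site with Don't Ask Again sets the
        # device-side minimum to the accepted key size. The BES-side minimum
        # comes from IT policy and is not changed by the user's choice.
        if self.prompts_user(cert_key_bits):
            self.device_min = min(self.device_min, cert_key_bits)


def replay(
    algorithm: str, bes_min: Optional[int], cert_sizes: List[int]
) -> List[Tuple[int, bool]]:
    """Visit sites in order, choosing Don't Ask Again at every prompt.

    Returns one (certificate key bits, prompted) pair per visit.
    """
    state = TlsKeyLengthState(algorithm, bes_min=bes_min)
    log = []
    for bits in cert_sizes:
        prompted = state.prompts_user(bits)
        log.append((bits, prompted))
        if prompted:
            state.trust_dont_ask_again(bits)
    return log


if __name__ == "__main__":
    # Constructed visit sequences (certificate key sizes in bits).
    print("DH, BES default: ", replay("DH", None, [512, 512, 768]))
    print("DH, BES 2048:    ", replay("DH", 2048, [512, 512, 1536, 2048]))
    print("ECC, BES 233:    ", replay("ECC", 233, [160, 160, 233]))
```

With the BES-side rule left at its default, one Don't Ask Again answer silences later prompts for that key size; with the BES-side minimum raised, the prompt keeps appearing for every certificate below it.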

TLS Prevent Unmatched Domain Name IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device from opening a TLS connection to a server that has a domain name that does not match any domain names in the server's certificate.

Default value
The default value is Prompt user on BlackBerry device.

Minimum requirements
Java based BlackBerry device
BlackBerry Device Software version 5.0
BlackBerry Enterprise Server version 5.0 SP1

TLS Restrict FIPS Ciphers IT policy rule


Description
This rule specifies whether a BlackBerry device can use an algorithm with TLS that is not FIPS-compliant.

Default value
The default value is No.

Usage
By default, if you configure the FIPS Level IT policy rule to Level 2, a BlackBerry device does not use this rule and uses only algorithms that are FIPS-compliant.

Minimum requirements
Java based BlackBerry device
BlackBerry Application Suite version 1.0
BlackBerry Connect version 4.0
BlackBerry Device Software version 3.6.1
BlackBerry Enterprise Server version 3.6

User Feedback IT policy group


IT policy rules in the User Feedback IT policy group control how the user can provide feedback to Research In Motion using the BlackBerry device.

Allow User Feedback IT policy rule


Description
This rule specifies whether a user can provide feedback to Research In Motion.

Default value
The default value is No.

Usage
Change this rule to Yes to allow a user to provide feedback.

Minimum requirements
Java based BlackBerry device
BlackBerry Device Software version 4.6.1
BlackBerry Enterprise Server version 5.0 SP1

Visual Voice Mail policy group


Allow Users to Save Messages IT policy rule
Description
This rule specifies whether a BlackBerry device user can use visual voice mail to save or forward voice mail messages.

Default value
The default value is Yes.

Dependencies
If you want to permit a BlackBerry device user access to visual voice mail, you must change the Disable Visual Voice Mail IT policy rule to No.

Minimum requirements
Java based BlackBerry device
BlackBerry Connect version 4.5
BlackBerry Device Software version 4.5

Disable Visual Voice Mail IT policy rule


Description
This rule specifies whether to permit a BlackBerry device user access to visual voice mail.

Default value
The default value is No.

Usage
Change this rule to Yes to prevent a BlackBerry device user from accessing visual voice mail. Note: If a wireless service provider gives a BlackBerry device user access to visual voice mail, it might prevent the user from receiving standard voice mail notifications.

Minimum requirements
Java based BlackBerry device
BlackBerry Connect version 4.5
BlackBerry Device Software version 4.5

Password Complexity IT policy rule


Description
This rule specifies the minimum password length that a BlackBerry device user is required to type to access the TUI. The permitted range is 0 to 16 digits.

Default value
The default value is 4 digits.

Dependencies
If you configure this rule, you must change the Password Required IT policy rule to Yes.

Minimum requirements
Java based BlackBerry device
BlackBerry Connect version 4.5
BlackBerry Device Software version 4.5

Require Password IT policy rule


Description
This rule specifies whether a BlackBerry device user must type a password to access the TUI.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device
BlackBerry Connect version 4.5
BlackBerry Device Software version 4.5

VoIP policy group


Allow VoIP IT policy rule
Description
This rule specifies whether a user with a Wi-Fi enabled BlackBerry device can make VoIP calls.

Default value
The default value is Yes. VoIP is turned on.

Usage
This rule is made obsolete by BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device
BlackBerry Device Software version 4.0
BlackBerry Enterprise Server version 4.0 SP1

Disable VoIP User Profiles IT policy rule


Description
This rule specifies whether a user can create VoIP profiles on a BlackBerry device.

Default value
The default value is No.

Usage
Change this rule to Yes to prevent a user from creating VoIP profiles on a BlackBerry device. This rule is made obsolete by BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device
BlackBerry Device Software version 4.2.1
BlackBerry Enterprise Server version 4.1 SP3

SIP Authentication ID IT policy rule


Description
This rule specifies the SIP authentication ID that a BlackBerry device uses to authenticate to your organization's SIP server.

Default value
The default value is a null value.

Usage
Specify a value only if your organization's SIP server requires it. This rule is made obsolete by BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device
BlackBerry Device Software version 4.0
BlackBerry Enterprise Server version 4.0 SP1

SIP Domain IT policy rule


Description
This rule specifies the SIP domain where the SIP user ID is valid.

Default value
The default value is a null value.

Usage
This rule is made obsolete by BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device
BlackBerry Device Software version 4.0
BlackBerry Enterprise Server version 4.0 SP1

SIP Local Port IT policy rule


Description
This rule specifies the network port number that a BlackBerry device listens on for incoming SIP messages. The permitted range is 1 through 65535.

Default value
The default value is 5060.

Usage
This rule is made obsolete by BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device
BlackBerry Device Software version 4.0
BlackBerry Enterprise Server version 4.0 SP1

SIP Realm IT policy rule


Description
This rule specifies the name of the SIP domain or host that shares authentication information with your organization's SIP server.

Default value
The default value is a null value.

Usage
Configure this rule to specify a name for a SIP domain or host. The SIP realm value on a BlackBerry device must be the same as the SIP realm value that you specified on the SIP server. This rule is made obsolete by BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device
BlackBerry Device Software version 4.0
BlackBerry Enterprise Server version 4.0 SP1

SIP Registration Timeout IT policy rule


Description
This rule specifies the time, in minutes, that can elapse before the SIP registration process expires. The permitted range is 1 through 65535 minutes.

Default value
The default value is 25 minutes.

Usage
This rule is made obsolete by BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device
BlackBerry Device Software version 4.0
BlackBerry Enterprise Server version 4.0 SP1

SIP RTP Media Port IT policy rule


Description
This rule specifies the port number that a BlackBerry device uses for outgoing RTP media streams. The permitted range is 1 through 65535.

Default value
The default value is 51100.

Usage
This rule is made obsolete by BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device
BlackBerry Device Software version 4.0
BlackBerry Enterprise Server version 4.0 SP1

SIP Server Name IT policy rule


Description
This rule specifies the name or IP address of your organization's SIP proxy server.

Default value
The default value is a null value.

Usage
This rule is made obsolete by BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device
BlackBerry Device Software version 4.0
BlackBerry Enterprise Server version 4.0 SP1

SIP Server Port IT policy rule


Description
This rule specifies the port number on your organization's SIP proxy server that the SIP proxy server uses to make network connections. The permitted range is 0 to 65536.

Default value
The default value is 5060.

Usage
Change this rule only if the port number that the SIP proxy server uses is not 5060. This rule is made obsolete by BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

SIP Server Transport IT policy rule


Description
This rule specifies the transport protocol that your organization's SIP server uses.

Default value
The default value is UDP.

Usage
Change this rule only if the transport protocol is not UDP. This rule is made obsolete by BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

SIP Server Type IT policy rule


Description
This rule specifies the type of SIP proxy server that a BlackBerry device can connect to.

Default value
The default value is Generic SIP.

Usage
Change this rule only if the SIP proxy server is not generic. This rule is made obsolete by BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

SIP User Display Name IT policy rule


Description
This rule specifies the user name that your organization's SIP server displays when it sends a user's SIP address to a BlackBerry device.

Default value
The default value is a null value.

Usage
Configure this rule if you want to specify a default value for all users. This rule is made obsolete by BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

SIP User ID IT policy rule


Description
This rule specifies the SIP user ID that a BlackBerry device uses to register with your organization's SIP proxy server.

Default value
The default value is a null value.

Usage
Configure this rule if you want to configure a default value for all users. If a user types an SIP user ID on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user typed. To retain the value on the BlackBerry device, verify that the updated IT policy uses the same value as this rule.

This rule is made obsolete by BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

SIP User Password IT policy


Description
This rule specifies the SIP user password that a BlackBerry device uses to authenticate to your organization's SIP proxy server.

Default value
The default value is a null value.

Usage
Configure this rule if you want to configure a default value for all users. If the user types an SIP user password on a BlackBerry device manually, IT policy updates overwrite or delete the value. To retain the value on the BlackBerry device, verify that the updated IT policy uses the same value as this rule. This rule is made obsolete by BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

VoIP Allow BlackBerry Device Changes IT policy rule


Description
This rule specifies whether a user can change SIP and VoIP settings on a BlackBerry device for remote troubleshooting purposes.

Default value
The default value is Yes.

Usage
This rule is made obsolete by BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

VoIP Emergency Number IT policy rule


Description
This rule specifies the emergency number that a BlackBerry device can use on your organization's network.

Default value
The default value is 911.

Usage
Two versions of this rule are available. Refer to the descriptions in the BlackBerry Administration Service to determine which version of this rule is the appropriate version for the BlackBerry devices in your organization. One version of the rule is valid for Java versions 4.0.0 to 4.0.1.90 only and you must configure it as an integer. The other version of the rule is valid for Java versions 4.0.1 or later and you must configure it as a string. This rule is made obsolete by BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

VoIP Enable Attended Call Transfer IT policy rule


Description
This setting specifies whether a user can perform an attended transfer of a VoIP call (where the original call does not end until the user that transfers the call dials the transfer number and clicks Complete Transfer) on a BlackBerry device.

Default value
The default value is Yes.

Usage
To use this feature, verify that your organization's PBX permits phones to transfer VoIP calls. This rule is made obsolete by BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.1 BlackBerry Enterprise Server version 4.0 SP1

VoIP Enable Call Hold IT policy rule


Description
This rule specifies whether a user can place a VoIP call on hold on a BlackBerry device.

Default value
The default value is Yes. This rule is made obsolete by BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.1 BlackBerry Enterprise Server version 4.0 SP1

VoIP Enable Unattended Call Transfer IT policy rule


Description
This rule specifies whether a user can perform an unattended transfer of a VoIP call (where the original call ends automatically when the user that transfers the call dials the transfer number) on a BlackBerry device.

Default value
The default value is Yes.

Usage
To use this feature, verify that your organization's PBX permits phones to transfer VoIP calls. This rule is made obsolete by BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.1 BlackBerry Enterprise Server version 4.0 SP1

VPN policy group


Disable VPN User Profiles IT policy rule
Description
This rule specifies whether a user can create VPN profiles on a BlackBerry device.

Default value
The default value is No.

Usage
Change this rule to Yes to prevent a user from creating VPN profiles on a BlackBerry device.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Enable VPN IT policy rule


Description
This rule specifies whether the VPN client on a BlackBerry device is turned on.

Default value
The default value is No. A BlackBerry device might not be able to use a Wi-Fi network that requires VPN access, or it might require an alternative form of access control.

Usage
Change this rule to Yes to require that a BlackBerry device use a VPN server to access a Wi-Fi network. This rule is obsolete in BlackBerry Enterprise Server version 4.1 SP3 and later.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

Use VPN Xauth IT policy rule


Description
This rule specifies whether a VPN client on a BlackBerry device should use Xauth certificates to authenticate to your organization's VPN gateway.

Default value
The default value is No.

Dependencies
You must change the Enable VPN IT policy rule to Yes so that a BlackBerry device can use this rule.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

VPN Allow Handheld Changes IT policy rule


Description
This rule specifies whether a user can change all VPN IT policy rules on a BlackBerry device.

Default value
The default value is Yes.

Usage
If you change this rule to No, the user can continue to change the VPN user name and VPN password on the BlackBerry device. This rule is obsolete in BlackBerry Enterprise Server version 4.1 SP3 and later.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

VPN Allow Password Save IT policy rule


Description
This rule specifies whether a user can save a VPN password on a BlackBerry device.

Default value
The default value is Yes.

Usage
If you change this rule to No (password not saved), the user must type a VPN password each time the BlackBerry device connects to the VPN concentrator.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

VPN Disable Prompt for Credentials Re-Entry IT policy rule


Description
This rule specifies whether a BlackBerry device turns off the prompt for a user to type the VPN credentials after the user tries to authenticate to the VPN server but is not successful.

Default value
The default value is No.

Usage
Change this rule to Yes if you do not want a BlackBerry device to prompt a user to type VPN credentials after authentication is not successful.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

VPN DNS Configuration IT policy rule


Description
This rule specifies your organization's VPN DNS configuration.

Default value
The default value is Yes. A BlackBerry device retrieves DNS settings from the VPN gateway.

Usage
To require that a BlackBerry device use the static settings that are specified in the VPN Primary DNS IT policy rule, VPN Secondary DNS IT policy rule, and VPN Domain Name IT policy rule, change this rule to No.

Dependencies
You must configure the Enable VPN IT policy rule to Yes so that a BlackBerry device can use this rule.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

VPN Domain Name IT policy rule


Description
This rule specifies the suffix for your organization's domain name using the FQDN format.

Default value
The default value is a null value.

Dependencies
You must configure the Enable VPN IT policy rule to Yes and the VPN DNS Configuration IT policy rule to No so that a BlackBerry device can use this rule.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

VPN Gateway Address IT policy rule


Description
This rule specifies the IP address or FQDN of your organization's VPN server.

Default value
The default value is a null value.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

VPN Group Name IT policy rule


Description
This rule specifies the group name of your organization's VPN server.

Default value
The default value is a null value.

Usage
Specify the group name of your organization's VPN server only if the type of VPN client requires it.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

VPN Group Password IT policy rule


Description
This rule specifies the group password for your organization's VPN server.

Default value
The default value is a null value.

Usage
Specify the group password for your organization's VPN server only if the type of VPN client requires it.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

VPN IKE Cipher IT policy rule


Description
This rule specifies the encryption algorithm that a BlackBerry device uses to authenticate the IKE exchanges.

Default value
The default value is AES-128.

Usage
Change the value only if the encryption algorithm does not support AES-128.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

VPN IKE DH Group IT policy rule


Description
This rule specifies the DH group that a BlackBerry device uses to generate key material.

Default value
The default value is Group 7 (elliptic curve cryptography).

Usage
Change the value only if the DH group does not use ECC.

Dependencies
You must configure the Enable VPN IT policy rule to Yes so that a BlackBerry device can use this rule.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

VPN IKE Hash IT policy rule


Description
This rule specifies the hash method authentication code that a BlackBerry device can use.

Default value
The default value is SHA-1 (160 bits).

Usage
Change the value only if the hash method authentication code does not support SHA-1 (160 bits).

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

VPN IPSec Cipher and Hash IT policy rule


Description
This rule specifies the encryption algorithm and hash that a BlackBerry device uses for IPSec Security Associations.

Default value
The default value is SHA-1 Hash and AES-128 Cipher.

Usage
Change the value only if the IPSec cipher and hash are not AES-128 and SHA-1.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

VPN Minimal Certificate Encryption Key Security Level IT policy rule


Description
This rule specifies the minimum security level for private keys that a BlackBerry device uses for authentication methods that require client certificates.

Default value
The default value is Low security. A BlackBerry device prompts the user only once for the key store password. The BlackBerry device retrieves and stores, in unencrypted format, the private key with the VPN profile.

Usage
If you change this rule to High security, a BlackBerry device always prompts the user for the key store password when the BlackBerry device requires access to the private key. This might happen frequently, even if the user typed the password recently. Private keys are not stored with the VPN profile. If you change this rule to Medium security, a BlackBerry device prompts the user for the key store password the first time only and, from that point forward, only prompts the user again after the user resets the BlackBerry device. Private keys are cached in memory but are not stored with the VPN profile.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.2 BlackBerry Enterprise Server version 4.1 SP4

VPN NAT Keep Alive IT policy rule


Description
This rule specifies the NAT keep-alive frequency.

Default value
The default value is 1 minute.

Usage
Specify the interval, in minutes, after which a BlackBerry device sends a keep-alive packet to the VPN concentrator to maintain the connection to the VPN concentrator. The permitted range is 1 to 1439 minutes.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

VPN Password Hidden on Input IT policy rule


Description
This rule specifies whether a BlackBerry device displays asterisks (*) instead of characters when the user types the VPN password.

Default value
The default value is No.

Usage
Change this rule to Yes to hide the VPN password as the user types it.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

VPN PFS IT policy rule


Description
This rule specifies whether Perfect Forward Secrecy is turned on for a BlackBerry device.

Default value
The default value is Yes.

Usage
Change the value only if your organization does not support Perfect Forward Secrecy.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

VPN Primary DNS IT policy rule


Description
This rule specifies the static setting for the IP address of your organization's primary DNS server.

Default value
The default value is a null value.

Dependencies
You must change the Enable VPN IT policy rule to Yes and the VPN DNS Configuration IT policy rule to No so that a BlackBerry device can use this rule.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

VPN Secondary DNS IT policy rule


Description
This rule specifies the static setting for the IP address of your organization's secondary DNS server.

Default value
The default value is a null value.

Dependencies
You must change the Enable VPN IT policy rule to Yes and the VPN DNS Configuration IT policy rule to No so that a BlackBerry device can use this rule.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

VPN User Name IT policy rule


Description
This rule specifies the default user name that a BlackBerry device uses to log in to your organization's VPN server.

Default value
The default value is a null value.

Usage
Specify a value for this rule if you want to configure a default user name for all user accounts. If a user types a user name on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user typed. To retain the value on the BlackBerry device, verify that the updated rule uses the same value as this rule.

Dependencies
You must change the Enable VPN IT policy rule to Yes so that a BlackBerry device can use this rule.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

VPN User Password IT policy rule


Description
This rule specifies the default password that a BlackBerry device uses to log in to your organization's VPN server.

Default value
The default value is a null value.

Usage
Specify a value for this rule if you want to configure a default password for all user accounts. If a user types a password on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user typed. To retain the value on the BlackBerry device, verify that the updated rule uses the same value as this rule.

Dependencies
You must change the Enable VPN IT policy rule to Yes so that a BlackBerry device can use this rule.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

VPN Vendor Type IT policy rule


Description
This rule specifies the type of VPN client that the VPN client on a BlackBerry device emulates.

Default value
The default value is a null value.

Dependencies
You must change the Enable VPN IT policy rule to Yes so that a BlackBerry device can use this rule.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

VPN Xauth Type IT policy rule


Description
This rule specifies the type of user-level authentication that your organization's VPN server uses.

Default value
The default value is User name and password required.

Dependencies
You must change the Enable VPN IT policy rule to Yes so that a BlackBerry device can use this rule.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
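
The Dependencies and Default value entries of the VPN policy group above, applied as a configuration check. This is an added example, not BlackBerry code: the dictionary representation of an IT policy, the function names, and the sample values are assumptions constructed for illustration.

```python
"""Check a VPN policy group configuration against the dependencies and
defaults documented in the VPN policy group section of this guide."""

ENABLE_VPN = "Enable VPN"
DNS_CONFIG = "VPN DNS Configuration"
KEY_LEVEL = "VPN Minimal Certificate Encryption Key Security Level"

# Documented default values for the rules that the checks below rely on.
DEFAULTS = {
    ENABLE_VPN: "No",
    DNS_CONFIG: "Yes",
    KEY_LEVEL: "Low security",
    "VPN Allow Password Save": "Yes",
    "VPN Password Hidden on Input": "No",
    "VPN PFS": "Yes",
}

# rule -> prerequisites, taken from the "Dependencies" entries of each rule.
DEPENDENCIES = {
    "Use VPN Xauth": [(ENABLE_VPN, "Yes")],
    DNS_CONFIG: [(ENABLE_VPN, "Yes")],
    "VPN Domain Name": [(ENABLE_VPN, "Yes"), (DNS_CONFIG, "No")],
    "VPN IKE DH Group": [(ENABLE_VPN, "Yes")],
    "VPN Primary DNS": [(ENABLE_VPN, "Yes"), (DNS_CONFIG, "No")],
    "VPN Secondary DNS": [(ENABLE_VPN, "Yes"), (DNS_CONFIG, "No")],
    "VPN User Name": [(ENABLE_VPN, "Yes")],
    "VPN User Password": [(ENABLE_VPN, "Yes")],
    "VPN Vendor Type": [(ENABLE_VPN, "Yes")],
    "VPN Xauth Type": [(ENABLE_VPN, "Yes")],
}

# (rule, value worth reviewing, behaviour the guide documents for that value)
REVIEW = [
    (KEY_LEVEL, "Low security",
     "private key is stored unencrypted with the VPN profile"),
    ("VPN Allow Password Save", "Yes",
     "user can save the VPN password on the device"),
    ("VPN Password Hidden on Input", "No",
     "VPN password is not replaced by asterisks while typed"),
    ("VPN PFS", "No", "Perfect Forward Secrecy is turned off"),
]

# Rules whose value is itself a password carried in the IT policy.
PASSWORD_RULES = ("VPN User Password", "VPN Group Password")


def effective(policy, rule):
    """Configured value, else the documented default, else None (null)."""
    value = policy.get(rule)
    return DEFAULTS.get(rule) if value is None else value


def audit(policy):
    """Return a list of (kind, rule, message) findings for one policy."""
    findings = []
    # 1. A configured rule has no effect unless its prerequisites hold.
    for rule in sorted(policy):
        if policy[rule] is None:
            continue
        for prereq, needed in DEPENDENCIES.get(rule, []):
            actual = effective(policy, prereq)
            if actual != needed:
                findings.append(("dependency", rule,
                                 f"requires {prereq} = {needed}, "
                                 f"effective value is {actual}"))
    # 2. Effective values (including untouched defaults) worth a review.
    for rule, value, reason in REVIEW:
        if effective(policy, rule) == value:
            findings.append(("review", rule, reason))
    # 3. Passwords set as a policy-wide default value.
    for rule in PASSWORD_RULES:
        if policy.get(rule):
            findings.append(("review", rule,
                             "password value is set in the IT policy itself"))
    return findings


# Constructed sample: static DNS and a default password are configured,
# but Enable VPN and VPN DNS Configuration are left at their defaults.
SAMPLE_POLICY = {
    "VPN Gateway Address": "vpn.example.com",
    "VPN Primary DNS": "10.0.0.53",
    "VPN User Password": "constructed-placeholder",
    "VPN PFS": "No",
}

# Constructed sample with the prerequisites met and the defaults tightened.
HARDENED_POLICY = {
    ENABLE_VPN: "Yes",
    DNS_CONFIG: "No",
    "VPN Gateway Address": "vpn.example.com",
    "VPN Primary DNS": "10.0.0.53",
    KEY_LEVEL: "High security",
    "VPN Allow Password Save": "No",
    "VPN Password Hidden on Input": "Yes",
}

if __name__ == "__main__":
    for kind, rule, message in audit(SAMPLE_POLICY):
        print(f"[{kind}] {rule}: {message}")
```

Rules that are left unset are evaluated at their documented defaults, so a policy that never touches the key security level or password rules is still reported.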

Wi-Fi policy group


The previous name of this policy group was WLAN policy group.

BlackBerry Infrastructure Wi-Fi Access Mode IT policy rule


Description
This rule specifies whether a Wi-Fi enabled BlackBerry device can connect to the BlackBerry Infrastructure over a Wi-Fi network to access the BlackBerry Enterprise Server or BlackBerry Internet Service. The previous name of this rule was BlackBerry Infrastructure WLAN Access Mode.

Default value
The default value is Access does not require VPN. A BlackBerry device can bypass an active VPN connection when the BlackBerry device connects to the BlackBerry Infrastructure over a Wi-Fi network.

Usage

You can select one of the following options to configure when a BlackBerry device can connect to the BlackBerry Infrastructure over a Wi-Fi network:
If you want a BlackBerry device to always use a VPN connection when the BlackBerry device connects to the BlackBerry Infrastructure over a Wi-Fi network, you can select the Access requires VPN option. You can select this option if you want to enforce the additional security that a VPN connection provides.
If you do not want a BlackBerry device to connect to the BlackBerry Infrastructure over a Wi-Fi network, you can select the Access disabled option.

Dependencies
You can override this rule using the related Wi-Fi configuration setting that is named Wi-Fi BlackBerry Infrastructure Wi-Fi access mode. You can use this setting to configure the access mode for a specific Wi-Fi network, and this rule to configure the access mode for other Wi-Fi networks. If you turn off access to the BlackBerry Infrastructure over the Wi-Fi network using this rule, you cannot override this rule using the configuration setting.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

Blocked Wi-Fi SSIDs IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device user from adding Wi-Fi profiles for SSIDs that you specify to a BlackBerry device. The previous name of this rule was Blocked WLAN SSIDs.

Default value
The default value is a null value.

Usage
Specify a list of Wi-Fi SSIDs, separated by commas (,), that you do not want a BlackBerry device to associate with.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

Disable GAN-Only Mode IT policy rule


Description
This rule specifies whether a user can select the GAN-only mode from the list of GAN selection modes on a BlackBerry device.

Default value
The default value is No.

Usage
Change this rule to Yes to prevent a user from using the GAN-only mode on a BlackBerry device.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Disable GAN-Preferred Mode IT policy rule


Description
This rule specifies whether a user can select the GAN-preferred mode from the list of GAN selection modes on a BlackBerry device.

Default value
The default value is No.

Usage
Change this rule to Yes to prevent a user from using the GAN-preferred mode on a BlackBerry device.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Disable GAN Selection Mode Editing IT policy rule


Description
This rule specifies whether a user can change the GAN selection mode on a BlackBerry device.

Default value
The default value is No.

Usage
Change this rule to Yes to prevent a user from changing the GAN selection mode on a BlackBerry device.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Disable WAN-Only Mode IT policy rule


Description
This rule specifies whether a user can select the WAN-only mode from the list of GAN selection modes on a BlackBerry device.

Default value
The default value is No.

Usage
Change this rule to Yes to prevent a user from using the WAN-only mode on a BlackBerry device.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Disable WAN-Preferred Mode IT policy rule


Description
This rule specifies whether a user can select the WAN-preferred mode from the list of GAN selection modes on a BlackBerry device.

Default value
The default value is No.

Usage
Change this rule to Yes to prevent a user from using the WAN-preferred mode on a BlackBerry device.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Disable Wi-Fi IT policy rule


Description
This rule specifies whether a user can access a Wi-Fi network from a Wi-Fi enabled BlackBerry device. The previous name of this rule was Disable WLAN.

Default value
The default value is No.

Usage
Change this rule to Yes to prevent a user from accessing a Wi-Fi network from the BlackBerry device.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Disable Wi-Fi Direct Access to BlackBerry Enterprise Server IT policy rule


Description
This rule specifies whether a BlackBerry device can connect to the BlackBerry Enterprise Server using a Wi-Fi connection. The previous name of this rule was Disable WLAN Direct Access to BlackBerry Enterprise Server.

Default value
The default value is a null value. The default value might vary depending on which mobile network provider a BlackBerry device is using.

Usage
Configure this rule to Yes to deny a BlackBerry device access to the BlackBerry Enterprise Server over a Wi-Fi network.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Disable Wi-Fi User Profiles IT policy rule


Description
This rule specifies whether a user can create Wi-Fi profiles on a BlackBerry device. The previous name of this rule was Disable WLAN User Profiles.

Default value
The default value is No.

Usage
Change this rule to Yes to prevent a user from creating Wi-Fi profiles on a BlackBerry device.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

GAN Signal Quality Threshold IT policy rule


Description
This rule specifies the signal quality threshold that a BlackBerry device uses for handover from the WAN to the GAN.

Default value
The default value is a null value. A BlackBerry device chooses a suitable value. This value might be specified by the mobile network provider.

Usage

In WAN-preferred mode, if the signal quality drops below the threshold, a BlackBerry device tries a handover to the GAN, if possible. The signal quality is related to the bit error rate and is described in the 3GPP 5.08 8.2.4 specification as follows:
0: good quality
7: worst quality

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

GAN Signal Strength Threshold IT policy rule


Description
This rule specifies the signal strength threshold that a BlackBerry device can use to rove in from the WAN to the GAN.

Default value
The default value is a null value. A BlackBerry device chooses a suitable value. This value might be specified by the mobile network provider.

Usage
In the WAN-preferred mode, if the signal strength of the serving cell drops below the value that you specify, a BlackBerry device uses the GAN cell if one is available. This value is specified in Received Signal Level units, as described in the 3GPP 5.08 8.1.4 specification:
0: -111 dBm
63: -48 dBm

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

GAN Wi-Fi Threshold IT policy rule


Description
This rule specifies the threshold for the Wi-Fi signal quality when a BlackBerry device changes from the GAN to the WAN. If the Wi-Fi signal quality drops below the threshold in the GAN-preferred mode and an acceptable cell is available, the BlackBerry device tries to change from the GAN to the WAN. The previous name of this rule was GAN WLAN Threshold.

Default value
The default value is a null value. A BlackBerry device chooses an appropriate value. This value might be specified by the mobile network provider.

Usage
If you choose Low, a BlackBerry device uses the GAN mode unless the Wi-Fi signal quality is very low. If you choose Medium, a BlackBerry device uses the GAN mode if the Wi-Fi signal quality is high or medium. If you choose High, a BlackBerry device uses the GAN mode only if the Wi-Fi signal quality is high.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Wi-Fi Allow Handheld Changes IT policy rule


Description
This rule specifies whether users can change all Wi-Fi policy rules on their BlackBerry devices. The previous name of this rule was WLAN Allow Handheld Changes.

Default values

The default value in the Default IT policy is Yes. The default value in all other preconfigured IT policies is No.

Usage
Change this rule to No to permit users to change only the user-specific Wi-Fi policy rules on a BlackBerry device. User-specific Wi-Fi policy rules are Wi-Fi User Name IT policy rule and Wi-Fi User Password IT policy rule.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi Default Gateway IT policy rule


Description
This rule specifies the default gateway in IP address format (for example, 10.0.0.1) that a BlackBerry device can use if DHCP on the BlackBerry device is turned off. The previous name of this rule was WLAN Default Gateway.

Default value
The default value is a null value.

Usage
A BlackBerry device uses this rule only if you change the value for the Wi-Fi DHCP Configuration IT policy rule to No.

Dependencies
If you configure the value for the Wi-Fi DHCP Configuration IT policy rule to Yes, do not change the value for this rule to Yes.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi Default KEY ID IT policy rule


Description
This rule specifies the default WEP key ID. The permitted range is 1 to 4. The previous name of this rule was WLAN Default KEY ID.

Default value
The default value is 1.

Usage
Verify that the WEP key ID matches the WEP access point ID and the corresponding WEP key.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi DHCP Configuration IT policy rule


Description
This rule specifies whether your organization uses DHCP for dynamic network configuration. The previous name of this rule was WLAN DHCP Configuration.

Default value
The default value is Yes. DHCP is turned on.

Usage
If you use a Wi-Fi network that includes subnets, turn on DHCP to permit roaming between subnets.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi Disable Prompt for Credentials Re-Entry IT policy rule


Description
This rule specifies whether a BlackBerry device turns off the prompt for a user to re-enter the Wi-Fi credentials after authentication is not successful. The previous name of this rule was WLAN Disable Prompt for Credentials Re-Entry.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Wi-Fi Enable Authentication Page IT policy rule


Description
This rule specifies whether the Wi-Fi Login browser is available on a BlackBerry 7270 smartphone. The previous name of this rule was WLAN Enable Authentication Page.

Default value
The default value is No.

Usage
Change this rule to Yes to permit a user to log in to a captive portal using a BlackBerry device. This rule is obsolete in BlackBerry Enterprise Server version 4.1 SP4 and later.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi IP Address IT policy rule


Description
This rule specifies the IP address (for example, 10.0.0.1) that a BlackBerry device can use if DHCP on the BlackBerry device is turned off. The previous name of this rule was WLAN IP Address.

Default value
The default value is a null value.

Usage
A BlackBerry device uses this rule only if you change the Wi-Fi DHCP Configuration IT policy rule to No.

Dependencies
If you change the Wi-Fi DHCP Configuration IT policy rule to Yes, do not change this rule to Yes.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi Link Security IT policy rule


Description
This rule specifies the type of security (for example, Open Wi-Fi security, WEP, PSK, EAP-PEAP, EAP-LEAP, or EAP-TLS) that a BlackBerry device requires to access a Wi-Fi network. The previous name of this rule was WLAN Link Security.

Default value
The default value is Open Wi-Fi security.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi Minimal EAP-TLS Certificate Encryption Key Security Level IT policy rule
Description
This rule specifies the minimum security level for a private key that an EAP authentication method (for example, EAP-TLS) uses with a client certificate. The previous name of this rule was WLAN Minimal EAP-TLS Certificate Encryption Key Security Level.

Default value
The default value is Low security. A BlackBerry device prompts a user only once for the key store password so that the BlackBerry device can retrieve the private key and encrypt messages. The BlackBerry device stores the unencrypted private key with the Wi-Fi profile.

Usage
If you change the value to Medium security, the BlackBerry device prompts a user only once for the key store password so that the BlackBerry device can retrieve the private key and encrypt messages. After the BlackBerry device retrieves the private key, the BlackBerry device only retrieves the private key again after the user resets the BlackBerry device. The BlackBerry device caches the private key in memory but does not store it with the Wi-Fi profile.
If you change the value to High security, the BlackBerry device always prompts the user for the key store password when it accesses the private key and encrypts messages. The BlackBerry device does not store the unencrypted private key with the Wi-Fi profile.
This rule is obsolete in BlackBerry Enterprise Server version 4.1 SP4 and later.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi Password Hidden on Input IT policy rule


Description
This rule specifies whether the password for Wi-Fi authentication is represented by asterisks (*) as the user types it. The previous name of this rule was WLAN Password Hidden on Input.

Default value
The default value is No. A BlackBerry device displays the characters that the user types.

Usage
Change this rule to Yes to mask the password that the user types.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Wi-Fi Preshared Key IT policy rule


Description
This rule specifies the PSK if your organization uses PSK to authenticate to a Wi-Fi network. The previous name of this rule was WLAN Preshared Key.

Default value
The default value is a null value.

Dependencies
A BlackBerry device uses this rule only if you configure the Wi-Fi Link Security IT policy rule to PSK.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi Primary DNS IT policy rule


Description
This rule specifies the primary DNS in IP address format (for example, 10.0.0.1) that a BlackBerry device can use if DHCP on the BlackBerry device is turned off. The previous name of this rule was WLAN Primary DNS.

Default value
The default value is a null value.

Usage
A BlackBerry device uses this rule only if you change the Wi-Fi DHCP Configuration IT policy rule to No.

Dependencies
If you change the Wi-Fi DHCP Configuration IT policy rule to Yes, do not change this rule to Yes.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi Profile Forwarding Mode IT policy rule


Description
This rule specifies whether a user can forward the Wi-Fi profiles that the user creates on a BlackBerry device to another BlackBerry device using an email message, PIN message, SMS text message, or BlackBerry Messenger message, with or without a password. The previous name of this rule was WLAN profile forwarding mode.

Default value
The default value is Enabled.

Usage
You cannot resend an IT policy to forward Wi-Fi profiles.

Dependencies
A user can forward a Wi-Fi profile using a PIN message only if you change the Allow Peer-to-Peer Messages IT policy rule to Yes, and the Firewall Block Incoming Messages IT policy rule does not prevent the BlackBerry device from processing PIN messages.
A user can forward a Wi-Fi profile using a SMS text message only if you change the Allow SMS IT policy rule to Yes, and the Firewall Block Incoming Messages IT policy rule does not prevent the BlackBerry device from processing SMS text messages.
A user can forward a Wi-Fi profile using BlackBerry Messenger only if you change the Disable BlackBerry Messenger IT policy rule to No, and the Firewall Block Incoming Messages IT policy rule does not prevent the BlackBerry device from processing SMS messages.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0 BlackBerry Smart Card Reader version 2.0

Wi-Fi Secondary DNS IT policy rule


Description
This rule specifies the secondary DNS in IP address format (for example, 10.0.0.1) that a BlackBerry device can use if DHCP on the BlackBerry device is turned off. The previous name of this rule was WLAN Secondary DNS.

Default value
The default value is a null value.

Usage
A BlackBerry device uses this rule only if you change the Wi-Fi DHCP Configuration IT policy rule to No.

Dependencies
If you change the Wi-Fi DHCP Configuration IT policy rule to Yes, do not change this rule to Yes.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi SSID IT policy rule


Description
This rule specifies the network name of the Wi-Fi network and its wireless access points. The SSID is case-sensitive and has a maximum length of 32 characters. The previous name of this rule was WLAN SSID.

Default value
The default value is a null value.

Usage
You must change the value before a BlackBerry device can access the Wi-Fi network.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi Subnet Mask IT policy rule


Description
This rule specifies the subnet mask in IP address format (for example, 10.0.0.1) that a BlackBerry device can use if DHCP on the BlackBerry device is turned off. The previous name of this rule was WLAN Subnet Mask.

Default value
The default value is a null value.

Usage
A BlackBerry device uses this rule only if you change the Wi-Fi DHCP Configuration IT policy rule to No.

Dependencies
If you change the Wi-Fi DHCP Configuration IT policy rule to Yes, do not change this rule to Yes.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi User Name IT policy rule


Description
This rule specifies the user name for PEAP or LEAP security access on a BlackBerry device. The previous name of this rule was WLAN User Name.

Default value
The default value is a null value.

Usage
Configure a value if you want to create a default value for all users. If a user types a user name on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user types. To retain the value that the user specifies on the BlackBerry device, verify that the updated IT policy uses the same value as the IT policy on the BlackBerry device.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi User Password IT policy rule


Description
This rule specifies the password for PEAP or LEAP security access on a BlackBerry device. The previous name of this rule was WLAN User Password.

Default value
The default value is a null value.

Usage
Configure a value if you want to create a default value for all users. If a user types a password on a BlackBerry device manually, any IT policy updates overwrite or delete the value that the user types. To retain the value that the user specifies on the BlackBerry device, verify that the updated IT policy uses the same value as the IT policy on the BlackBerry device.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi WEP Key 1 IT policy rule


Description
This rule specifies the password for WEP key 1 using the format xx:xx:xx:xx:xx. The previous name of this rule was WLAN WEP Key 1.

Default value
The default value is a null value.

Usage
Valid values are either 5 or 13 pairs of hexadecimal digits (0 to 9 and A to F) separated by a colon (for example, AB:CD:EF:01:23 or AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23).

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi WEP Key 2 IT policy rule


Description
This rule specifies the password for WEP key 2 using the format xx:xx:xx:xx:xx. The previous name of this rule was WLAN WEP Key 2.

Default value
The default value is a null value.

Usage
Valid values are either 5 or 13 pairs of hexadecimal digits (0 to 9 and A to F) separated by a colon (for example, AB:CD:EF:01:23 or AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23).

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi WEP Key 3 IT policy rule


Description
This rule specifies the password for WEP key 3 using the format xx:xx:xx:xx:xx. The previous name of this rule was WLAN WEP Key 3.

Default value
The default value is a null value.

Usage
Valid values are either 5 or 13 pairs of hexadecimal digits (0 to 9 and A to F) separated by a colon (for example, AB:CD:EF:01:23 or AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23).

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi WEP Key 4 IT policy rule


Description
This rule specifies the password for WEP key 4 using the format xx:xx:xx:xx:xx. The previous name of this rule was WLAN WEP Key 4.

Default value
The default value is a null value.

Usage
Valid values are either 5 or 13 pairs of hexadecimal digits (0 to 9 and A to F) separated by a colon (for example, AB:CD:EF:01:23 or AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23).

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
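
The Wi-Fi rules above constrain each other: the static addressing rules apply only when Wi-Fi DHCP Configuration is No, the preshared key only when Wi-Fi Link Security is PSK, and a WEP key needs 5 or 13 hexadecimal pairs and a key ID from 1 to 4. The Python check below is an added example, not BlackBerry code; it assumes a policy held as a dictionary of rule name to value (None for null), which is a hypothetical representation and not a BlackBerry Enterprise Server export format, and its sample policies are constructed.

```python
import ipaddress
import re

# 5 or 13 colon-separated pairs of hex digits, as the Wi-Fi WEP Key rules state.
# Assumption: only the digits the guide lists (0-9, A-F) are accepted, so
# lower-case hex is rejected.
WEP_KEY_RE = re.compile(r"[0-9A-F]{2}(?::[0-9A-F]{2}){4}(?:(?::[0-9A-F]{2}){8})?")

# Rules that the device uses only when Wi-Fi DHCP Configuration is No.
STATIC_RULES = (
    "Wi-Fi IP Address", "Wi-Fi Subnet Mask", "Wi-Fi Default Gateway",
    "Wi-Fi Primary DNS", "Wi-Fi Secondary DNS",
)


def is_ipv4(value):
    """True if value is a string in dotted IP address format."""
    if not isinstance(value, str):
        return False
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def check_wifi_policy(policy):
    """Return findings for a dict of rule name -> value (None or absent = null).

    Findings name the rule only; key and password values are never echoed.
    """
    findings = []
    get = policy.get

    ssid = get("Wi-Fi SSID")
    if not ssid:
        findings.append("Wi-Fi SSID: null; the device cannot access the network")
    elif len(ssid) > 32:
        findings.append("Wi-Fi SSID: longer than 32 characters")

    dhcp = get("Wi-Fi DHCP Configuration", "Yes")  # documented default is Yes
    for rule in STATIC_RULES:
        value = get(rule)
        if value is None:
            continue
        if dhcp == "Yes":
            findings.append(f"{rule}: ignored while Wi-Fi DHCP Configuration is Yes")
        elif not is_ipv4(value):
            findings.append(f"{rule}: not in IP address format")
    # Assumption: a static configuration needs at least the device IP address.
    if dhcp == "No" and get("Wi-Fi IP Address") is None:
        findings.append("Wi-Fi IP Address: null although DHCP is turned off")

    security = get("Wi-Fi Link Security", "Open Wi-Fi security")  # documented default
    psk = get("Wi-Fi Preshared Key")
    if security == "PSK" and not psk:
        findings.append("Wi-Fi Preshared Key: null although Link Security is PSK")
    elif security != "PSK" and psk:
        findings.append("Wi-Fi Preshared Key: ignored unless Link Security is PSK")

    for n in range(1, 5):
        key = get(f"Wi-Fi WEP Key {n}")
        if key is not None and not WEP_KEY_RE.fullmatch(key):
            findings.append(f"Wi-Fi WEP Key {n}: not 5 or 13 colon-separated hex pairs")

    key_id = get("Wi-Fi Default KEY ID", 1)  # documented default is 1
    if key_id not in (1, 2, 3, 4):
        findings.append("Wi-Fi Default KEY ID: outside the permitted range 1 to 4")
    elif security == "WEP" and get(f"Wi-Fi WEP Key {key_id}") is None:
        findings.append(f"Wi-Fi Default KEY ID: selects WEP key {key_id}, which is null")
    return findings


# Constructed sample policies (not exported from a real BlackBerry Enterprise Server).
GOOD = {
    "Wi-Fi SSID": "corp-wlan",
    "Wi-Fi DHCP Configuration": "No",
    "Wi-Fi IP Address": "10.0.0.20",
    "Wi-Fi Subnet Mask": "255.255.255.0",
    "Wi-Fi Default Gateway": "10.0.0.1",
    "Wi-Fi Link Security": "WEP",
    "Wi-Fi Default KEY ID": 2,
    "Wi-Fi WEP Key 2": "AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23",
}
BAD = {
    "Wi-Fi SSID": "x" * 33,
    "Wi-Fi DHCP Configuration": "Yes",
    "Wi-Fi Primary DNS": "10.0.0.1",
    "Wi-Fi Link Security": "WEP",
    "Wi-Fi Default KEY ID": 3,
    "Wi-Fi WEP Key 1": "AB:CD:EF:01",
    "Wi-Fi Preshared Key": "constructed-psk",
}

if __name__ == "__main__":
    for name, policy in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_wifi_policy(policy) or "no findings")
```
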

Wired Software Updates policy group


IT policy rules in the Wired Software Updates policy group apply to the BlackBerry Device Software update process when a user connects a BlackBerry device to a computer.

Allow Web-Based Software Loading IT policy rule


Description
This rule specifies whether a user can update the BlackBerry Device Software using the web-based software loading feature.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0 SP1

Cryptographic Services Backup IT policy rule


Description
This rule specifies whether the BlackBerry device can back up cryptographic services data when a user updates the BlackBerry Device Software.
A cryptographic service is any service that uses a cryptographic key to protect the communication between the BlackBerry device and the BlackBerry Enterprise Server or the BlackBerry Internet Service (for example, the encryption keys that are generated during activation that are used to protect the data that the BlackBerry device and the BlackBerry Enterprise Server send between each other).

Default value
The default value is Yes.

Usage
If you allow a BlackBerry device to back up cryptographic services data, the BlackBerry device can continue to use a cryptographic service after the software loading process completes without requiring the user to reactivate the BlackBerry device manually.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0 SP1

Wireless Software Upgrades policy group


Allow Non Enterprise Upgrade IT policy rule
Description
This rule specifies whether to permit Research In Motion or a wireless service provider to request that a BlackBerry device download updates for the BlackBerry Device Software over the wireless network.

Default value
The default value is No.

Usage
The BlackBerry Administration Service changes the value for this rule to the default value and does not display this rule when you configure the BlackBerry Administration Service to display the BlackBerry Device Software pages. For more information, see the BlackBerry Device Software Update Guide.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP4

Disallow Device User Requested Rollback IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device user from returning to a previous version of the BlackBerry Device Software after a previously successful update of the BlackBerry Device Software over the wireless network.

Default value
The default value is No.

Usage
The BlackBerry Administration Service changes the value for this rule to the default value and does not display this rule when you configure the BlackBerry Administration Service to display the BlackBerry Device Software pages. For more information, see the BlackBerry Device Software Update Guide.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP4

Disallow Device User Requested Upgrade IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device user from requesting available updates for the BlackBerry Device Software over the wireless network.

Default value
The default value is No.

Usage
The BlackBerry Administration Service changes the value for this rule to the default value and does not display this rule when you configure the BlackBerry Administration Service to display the BlackBerry Device Software pages. For more information, see the BlackBerry Device Software Update Guide.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP4

Disallow Patch Download Over International Roaming WAN IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device from downloading updates for the BlackBerry Device Software over a WAN connection when roaming internationally.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP4

Disallow Patch Download Over Roaming WAN IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device from downloading updates for the BlackBerry Device Software over a WAN connection when roaming.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP4

Disallow Patch Download Over WAN IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device from downloading updates for the BlackBerry Device Software over a WAN connection.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP4

Disallow Patch Download Over Wi-Fi IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device from downloading updates for the BlackBerry Device Software over a Wi-Fi connection.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP4

WTLS Application policy group


WTLS Disable Invalid Connection IT policy rule
Description
This rule specifies whether to prevent a BlackBerry device from permitting WTLS connections to servers that have invalid certificates.

Default value
The default value is Prompt user on BlackBerry device.

Usage
If you want to prevent a BlackBerry device user from connecting to WTLS servers that have invalid certificates, change this rule to Disable invalid connections. If you want to permit a BlackBerry device user to connect to WTLS servers that have invalid certificates, change this rule to Allow invalid connections.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 3.6

WTLS Disable Untrusted Connection IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device from permitting WTLS connections to untrusted servers.

Default value
The default value is Prompt user on BlackBerry device.

Usage
If you want to prevent a BlackBerry device user from creating WTLS connections to untrusted servers, change this rule to Disable untrusted connections. If you want to permit a BlackBerry device user to create WTLS connections to untrusted servers, change this rule to Allow untrusted connections.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 3.6

WTLS Disable Weak Ciphers IT policy rule


Description
This rule specifies whether to prevent a BlackBerry device from using weak algorithms over WTLS connections.

Default value
The default value is Prompt user on BlackBerry device.

Usage
If you want to prevent a BlackBerry device user from using weak algorithms over WTLS connections, change this rule to Disable weak algorithms. If you want to permit a BlackBerry device user to use weak algorithms over WTLS connections, change this rule to Allow weak algorithms.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 3.6

WTLS Minimum Strong DH Key Length IT policy rule


Description
This rule specifies the minimum DH key size (in bits) to use over WTLS connections. The permitted range is 512 through 4096 bits.

Default value
The default value on a BlackBerry device is 1024 bits. The default value on the BlackBerry Enterprise Server is 512 bits.

Usage
If you configure the minimum key size on the BlackBerry Enterprise Server to be higher than the minimum key size on a BlackBerry device, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is lower than the minimum key size on the BlackBerry Enterprise Server. For example, when a user browses to a secure web site that uses a 512-bit DH key in its certificate, the BlackBerry device prompts the user to trust the web site. If the user trusts the web site and selects the Don't Ask Again option, the minimum key size on the BlackBerry device is configured to 512 bits. If you configure the minimum key size on the BlackBerry Enterprise Server to 2048 bits, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is lower than 2048 bits.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 3.6

WTLS Minimum Strong ECC Key Length IT policy rule


Description
This rule specifies the minimum ECC key size (in bits) to use over WTLS connections. The permitted range is 160 through 571 bits.

Default value
The default value on the BlackBerry device is 163 bits. The default value on the BlackBerry Enterprise Server is 160 bits.

Usage
If you configure the minimum key size on the BlackBerry Enterprise Server to be higher than the minimum key size on a BlackBerry device, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is lower than the minimum key size on the BlackBerry Enterprise Server. For example, when a user browses to a secure web site that uses a 160-bit ECC key in its certificate, the BlackBerry device prompts the user to trust the web site. If the user trusts the web site and selects the Don't Ask Again option, the minimum key size on the BlackBerry device is configured to 160 bits. If you configure the minimum key size on the BlackBerry Enterprise Server to 233 bits, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is lower than 233 bits.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 3.6

WTLS Minimum Strong RSA Key Length IT policy rule


Description
This rule specifies the minimum RSA key size (in bits) to use over WTLS connections. The permitted range is 512 through 4096 bits.

Default value
The default value on the BlackBerry device is 1000 bits. The default value on the BlackBerry Enterprise Server is 512 bits.

Usage
If you configure the minimum key size on the BlackBerry Enterprise Server to be higher than the minimum key size on a BlackBerry device, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is lower than the minimum key size on the BlackBerry Enterprise Server. For example, when a user browses to a secure web site that uses a 512-bit RSA key in its certificate, the BlackBerry device prompts the user to trust the web site. If the user trusts the web site and selects the Don't Ask Again option, the minimum key size on the BlackBerry device is configured to 512 bits. If you configure the minimum key size on the BlackBerry Enterprise Server to 2048 bits, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is lower than 2048 bits.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 3.6

WTLS Restrict FIPS Ciphers IT policy rule


Description
This rule specifies whether the BlackBerry device can use an algorithm with WTLS that is not FIPS-compliant.

Default value
The default value is No.

Usage
By default, if you configure the FIPS Level IT policy rule to 2, a BlackBerry device ignores this rule and uses only algorithms that are FIPS-compliant.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0

Descriptions of application control policy rules

For information about configuring application control policy rules, see the BlackBerry Enterprise Server Administration Guide.

Are Internal Network Connections Allowed application control policy rule


Description
This rule specifies whether an application can make internal network connections. You can configure this rule to prevent the application from sending or receiving any data on a BlackBerry device using an internal protocol (for example, the BlackBerry MDS Connection Service). You can also configure this rule so that an application prompts a user before it makes internal connections through the BlackBerry device firewall.

Default value
The default value is Prompt User.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0

Are External Network Connections Allowed application control policy rule


Description
This rule specifies whether an application can make external network connections. You can configure this rule to prevent the application from sending or receiving any data on a BlackBerry device using an external protocol (such as WAP or TCP). You can also configure this rule so that an application prompts a user before it makes external connections through the BlackBerry device firewall.

Default value
The default value is Prompt User.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0

Are Local Connections Allowed application control policy rule


Description
This rule specifies whether an application can make local network connections (for example, connections to a BlackBerry device using a USB or serial port).

Default value
The default value is Allowed.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0

Can Device Settings be Modified application control policy rule


Description
This rule specifies whether an application can change configuration and user settings on a BlackBerry device.

Default value
The default value is Allowed.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 5.0

Can the Security Timer be Reset application control policy rule


Description
This rule specifies whether an application can reset the time that must pass before a BlackBerry device locks automatically.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 5.0

Disposition application control policy rule


Description
This rule specifies whether an application is optional, required, or not permitted on the BlackBerry device. You can use this rule to make a specific application mandatory on the BlackBerry device or to prevent unspecified or untrusted applications from being installed on the BlackBerry device.

Default value
The default value is Optional.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0

Is Access to the Browser Filters API Allowed application control policy rule
Description
This rule specifies whether an application can access browser filter APIs to register a browser filter on a BlackBerry device. You can use this rule to permit third-party applications to apply custom browser filters to web page content on a BlackBerry device.

Default value
The default value is Not Permitted.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0

Is Access to the Email API Allowed application control policy rule


Description
This rule specifies whether an application can send and receive email messages using a BlackBerry device.

Default value
The default value is Allowed.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0

Is Access to the Event Injection API Allowed application control policy rule
Description
This rule specifies whether an application can simulate input events on a BlackBerry device, such as pressing keys or performing trackball actions.

Default value
The default value is Not Permitted.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0

Is Access to the File API Allowed application control policy rule


Description
This rule specifies whether an application can access, change, delete, and move files on a BlackBerry device.

Default value
The default value is Allowed.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 5.0

Is Access to the GPS API Allowed application control policy rule


Description
This rule specifies whether an application can access the GPS APIs on a BlackBerry device. You can configure this rule to prevent the application from accessing the GPS APIs on a BlackBerry device or to prompt the user before an application can access the GPS APIs.

Default value
The default value is Prompt User.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.1 SP2

Is Access to the Handheld Key Store Allowed application control policy rule
Description
This rule specifies whether an application can access the key store APIs on a BlackBerry device.

Default value
The default value is Allowed.

Dependencies
If you configure the Minimal Signing Key Store Security Level and the Minimal Encryption Key Store Security Level IT policy rules to use the high security level, this rule does not apply. A BlackBerry device prompts the user for the key store password each time that an application tries to access the private key.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0

Is Access to the Interprocess Communication API Allowed application control policy rule
Description
This rule specifies whether an application can perform cross application communication operations. You can use this rule to permit two or more applications to share data or for one application to use the connection permissions of another application.

Default value

The default value is Allowed.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0

Is Access to the Phone API Allowed application control policy rule


Description
This rule specifies whether an application can make calls and access call logs on a BlackBerry device. You can configure this rule to prevent the application from making calls on a BlackBerry device or to prompt a user before the user makes calls.

Default value
The default value is Prompt User.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0

Is Access to the Media API Allowed application control policy rule


Description
This rule specifies whether an application can run or create multimedia files on a BlackBerry device.

Default value
The default value is Allowed.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.3 BlackBerry Enterprise Server version 5.0

Is Access to the Module Management API Allowed application control policy rule
Description

This rule specifies whether an application can add, modify, or delete Java .cod files on the BlackBerry device.

Default value
The default value is Allowed.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.3 BlackBerry Enterprise Server version 5.0

Is Access to the PIM API Allowed application control policy rule


Description
This rule specifies whether an application can access the BlackBerry device PIM APIs, which control access to a user's personal information, such as contacts, on a BlackBerry device. Note: Permitting an application to access PIM data APIs and use internal and external network connection protocols might permit an application to send all of a user's personal information from a BlackBerry device.

Default value
The default value is Allowed.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0

Is Access to the Screen, Microphone, and Video Capturing APIs Allowed application control policy rule
Description
This rule specifies whether an application can record media, such as audio and video, using the BlackBerry Browser or other applications on a BlackBerry device.

Default value
The default value is No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 5.0

Is Access to the Serial Port Profile for Bluetooth API Allowed application control policy rule
Description
This rule specifies whether an application can access the Bluetooth SPP API.

Default value
The default value is Allowed.

Dependencies
If you configure the Disable Serial Port Profile IT policy rule to Yes, this rule does not apply. A BlackBerry device cannot use the Bluetooth SPP to establish a serial connection to a Bluetooth enabled device.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0

Is Access to the User Authenticator API Allowed application control policy rule
Description
This rule specifies whether an application can access the user authenticator framework API. The user authenticator framework permits the registration of drivers that provide two-factor authentication to unlock a BlackBerry device. This rule applies to the BlackBerry Device Software and third-party Java applications.

Default value
The default value is Allowed.

Usage
For BlackBerry devices that are running BlackBerry Device Software version 5.0 and later, this rule applies to drivers for smart card readers and to custom two-factor authentication methods that are created by developers in your organization. For BlackBerry devices that are running BlackBerry Device Software versions that are earlier than version 5.0, this rule applies to drivers for smart cards only.

Minimum requirements

Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.1 SP2

Is Access to the Wi-Fi API Allowed application control policy rule


Description
This rule specifies whether a BlackBerry device can send and receive data over a Wi-Fi connection and access information about the Wi-Fi network.

Default value
The default value is Allowed.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 5.0

Is Key Store Medium Security Allowed application control policy rule


Description
This rule specifies whether an application can access key store items that are stored at the medium security level. The application must prompt a BlackBerry device user for the key store password when it tries to access the private key for the first time or when the private key password timeout expires.

Default value
The default value is Allowed.

Dependencies
If you configure the Minimal Signing Key Store Security Level and the Minimal Encryption Key Store Security Level IT policy rules to use the high security level, this rule does not apply. A BlackBerry device prompts the user for the key store password each time that an application tries to access the private key.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0

Is Theme Data Allowed application control policy rule


Description
This rule specifies whether a user can use custom theme applications that are developed using the Plazmic Content Developers Kit as themes on a BlackBerry device.

Default value
The default value is Allowed.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.1 SP2

List of Browser Filter Domains application control policy rule


Description
This rule specifies the list of domains for which an application can apply browser filters to web page content on a BlackBerry device. For example, you can specify www.google.com and www.yahoo.com as domains for which an application can use a browser filter for search engines.

Default value
The default value is a null value.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0

List of External Domains application control policy rule


Description
This rule specifies the external domain names that an application can establish a connection to.

Default value
The default value is a null value.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0

List of Internal Domains application control policy rule


Description
This rule specifies the internal domain names that an application can establish a connection to.

Default value
The default value is a null value.

Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0

Configuration settings
Configuration settings for VoIP profiles
Allow VoIP configuration setting
Description
This setting specifies whether a user can make VoIP calls on a Wi-Fi enabled BlackBerry device.

Default value
The default value is Yes.

Usage
To turn off VoIP, change this setting to No. This setting is made obsolete by the BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

SIP Authentication ID configuration setting


Description
This setting specifies the SIP authentication ID that a BlackBerry device uses to authenticate to your organization's SIP server.

Default value
The default value is a null value.

Usage
Specify a value only if your organization's SIP server requires it. This setting is made obsolete by the BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

SIP Domain configuration setting


Description
This setting specifies the SIP domain where the SIP User ID is valid.

Default value
The default value is a null value.

Usage
This setting is made obsolete by the BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

SIP Local Port configuration setting


Description
This setting specifies the network port number that a BlackBerry device listens for incoming SIP messages on.

Default value
The default value is 5060.

Usage
This setting is made obsolete by the BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

SIP Realm configuration setting


Description
This setting specifies the name of the SIP domain or host that shares authentication information with your organization's SIP server.

Default value

The default value is None.

Usage
Configure this setting to specify a name for a SIP domain or host. The SIP realm value on a BlackBerry device must be the same as the SIP realm value that you specify on the SIP server. This setting is made obsolete by the BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

SIP Registration Timeout configuration setting


Description
This setting specifies the time, in minutes, that elapses before the SIP registration process expires.

Default value
The default value is 25 minutes.

Usage
This setting is made obsolete by the BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

SIP RTP Media Port configuration setting


Description
This setting specifies the network port number that a BlackBerry device uses for outgoing RTP media streams.

Default value
The default value is 51100.

Usage
This setting is made obsolete by the BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

SIP Server Name configuration setting


Description
This setting specifies the name or IP address of your organization's SIP proxy server.

Default value
The default value is a null value.

Usage
This setting is made obsolete by the BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

SIP Server Port configuration setting


Description
This setting specifies the port number on your organization's SIP proxy server that the SIP proxy server uses to make network connections. The permitted range is 0 to 65536.

Default value
The default value is 5060.

Usage
Change this setting only if the port number on the SIP proxy server is not 5060. This setting is made obsolete by the BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

SIP Server Transport configuration setting


Description

This setting specifies the transport protocol that your organization's SIP server uses.

Default value
The default value is UDP.

Usage
Change this setting only if the transport protocol is not UDP. This setting is made obsolete by the BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

SIP Server Type configuration setting


Description
This setting specifies the type of SIP proxy server that a BlackBerry device can connect to.

Default value
The default value is Generic SIP.

Usage
Change this setting only if the SIP proxy server is not generic. This setting is made obsolete by the BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

SIP User Display Name configuration setting


Description
This setting specifies the user name that your organization's SIP server displays when it sends a user's SIP address to a BlackBerry device.

Default value
The default value is a null value.

Usage

Configure this setting if you want to create a default value for all users. This setting is made obsolete by the BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

SIP User ID configuration setting


Description
This setting specifies the SIP user ID that a BlackBerry device uses to register with your organization's SIP proxy server.

Default value
The default value is a null value.

Usage
Configure this setting if you want to create a default value for all users. If the user types a SIP user ID on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user typed. To retain the value that the user types on the BlackBerry device, verify that the updated IT policy uses the same value as this setting. This setting is made obsolete by the BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

SIP User Password configuration setting


Description
This setting specifies the SIP user password that a BlackBerry device uses to authenticate to your organization's SIP proxy server.

Default value
The default value is a null value.

Usage
Configure this setting if you want to create a default value for all users. If the user types a password on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user typed. To retain the value that the user types on the BlackBerry device, verify that the updated IT policy uses the same value as this setting. This setting is made obsolete by the BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

VoIP Allow BlackBerry Device Changes configuration setting


Description
This setting specifies whether a user can change SIP and VoIP settings on a BlackBerry device for remote troubleshooting purposes.

Default value
The default value is Yes.

Usage
This setting is made obsolete by the BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

VoIP Emergency Number configuration setting


Description
This setting specifies the emergency number that a BlackBerry device can use on your organization's network.

Default value
The default value is 911.

Usage
Two versions of this setting are available. Refer to the descriptions in the BlackBerry Administration Service to determine which version of this setting is appropriate for the BlackBerry devices in your organization. One version of the setting is valid for BlackBerry Device Software versions 4.0.0 to 4.0.1.90 only and you must configure it as an integer. The other version of the setting is valid for BlackBerry Device Software versions 4.0.1 and later and you must configure it as a string. This setting is made obsolete by the BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

VoIP Enable Attended Call Transfer configuration setting


Description
This setting specifies whether a user can perform an attended transfer of a VoIP call (where the original call does not end until the user dials the transfer number and clicks Complete Transfer) on a BlackBerry device.

Default value
The default value is Yes.

Usage
To use this feature, verify that your organization's PBX permits phones to transfer VoIP calls. This setting is made obsolete by the BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

VoIP Enable Call Hold configuration setting


Description
This setting specifies whether a user can place a VoIP call on hold on a BlackBerry device.

Default value
The default value is Yes.

Usage
This setting is made obsolete by the BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

VoIP Enable Unattended Call Transfer configuration setting


Description

This setting specifies whether a user can perform an unattended transfer to a VoIP call (where the original call ends automatically when the user dials the transfer number) on a BlackBerry device.

Default value
The default value is Yes.

Usage
To use this feature, verify that your organization's PBX permits phones to transfer VoIP calls. This setting is made obsolete by the BlackBerry Mobile Voice System.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

Configuration settings for VPN profiles


Enable VPN configuration setting
Description
This setting specifies whether the VPN client on a BlackBerry device is turned on.

Default value
The default value is No. The BlackBerry device might not be able to use a Wi-Fi network that requires VPN access, or it might require the use of an alternative form of access control.

Usage
Change this setting to Yes to require that a BlackBerry device use a VPN server to access a Wi-Fi network. This configuration setting is obsolete in BlackBerry Enterprise Server versions 4.1 SP3 and later.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

Suppress VPN Banner configuration setting


Description

This setting specifies whether the VPN dialog box displays on a BlackBerry device.

Default value
The default value is Yes. The VPN dialog box does not display on the BlackBerry device.

Usage
To display the VPN dialog box after the BlackBerry device connects to the VPN server, change this setting to No.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Use VPN Xauth configuration setting


Description
This setting specifies whether the VPN client on a BlackBerry device should use Xauth certificates to authenticate to your organization's VPN gateway.

Default value
The default value is No.

Usage
You must change the Enable VPN configuration setting to Yes so that a BlackBerry device can use this configuration setting.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

VPN Allow Handheld Changes configuration setting


Description
This setting specifies whether a user can change all VPN policy rules on a BlackBerry device.

Default value
The default value is Yes.

Usage
If you change this setting to No, a user can continue to change the VPN user name and VPN password on a BlackBerry device.

Minimum requirements

Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

VPN Allow Password Save configuration setting


Description
This setting specifies whether a user can save the VPN password on a BlackBerry device.

Default value
The default value is Yes.

Usage
If you change this setting to No (password not saved), the user must type a VPN password each time the BlackBerry device connects to the VPN concentrator.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

VPN Disable Server Certificate Validation configuration setting


Description
This setting specifies whether a BlackBerry device requires a certificate to authenticate with VPN gateways that support PKI-based authentication using certificates.

Default value
The default value is No.

Usage
Change this setting to Yes to turn off server certificate validation during PKI-based authentication.

Dependencies
This setting applies to the following VPN gateways that support PKI-based authentication using certificates: the Cisco Secure PIX Firewall, the Cisco IOS with Easy VPN Server, the NetScreen Series Security Systems, and the Nortel Networks Contivity VPN switch.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

VPN DNS Configuration configuration setting


Description
This setting specifies your organization's VPN DNS configuration.

Default setting
The default value is Yes. A BlackBerry device retrieves DNS settings from the VPN gateway.

Usage
To require that the BlackBerry device use the static settings that are specified in the VPN Primary DNS configuration setting, VPN Secondary DNS configuration setting, and VPN Domain Name configuration setting, change this setting to No.

Dependencies
You must change the Enable VPN configuration setting to Yes so that a BlackBerry device can use this configuration setting.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

VPN Domain Name configuration setting


Description
This setting specifies the suffix for your organization's domain name using the FQDN format.

Default value
The default value is a null value.

Usage
You must change the Enable VPN configuration setting to Yes and the VPN DNS Configuration configuration setting to No so that a BlackBerry device can use this configuration setting.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

VPN Gateway Address configuration setting


Description

This setting specifies the IP address or FQDN of your organization's VPN server.

Default value
The default value is a null value.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

VPN Group Name configuration setting


Description
This setting specifies the group name of your organization's VPN server.

Default value
The default value is a null value.

Usage
Specify the group name of your organization's VPN server only if the type of VPN client requires it.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

VPN Group Password configuration setting


Description
This setting specifies the group password of your organization's VPN server.

Default value
The default value is a null value.

Usage
Specify the group name of your organization's VPN server only if the type of VPN client requires it.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

VPN Hard Token Required configuration setting


Description
This setting specifies whether the VPN server requires that a BlackBerry device use a hard token as part of the password for authentication.

Default value
The default value is No.

Usage
Change this setting to Yes if the VPN server requires a hard token (for example, RSA SecurID) as part of the password for authentication.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

VPN IKE Cipher configuration setting


Description
This setting specifies the encryption algorithm that a BlackBerry device uses to authenticate IKE exchanges.

Default value
The default value is AES-128.

Usage
Change this setting only if the encryption algorithm does not support AES-128.

Minimum requirements
Java based BlackBerry device that is running BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

VPN IKE DH Group configuration setting


Description
This setting specifies the DH group that a BlackBerry device uses to generate key material.

Default value

The default value is Group 7 (elliptic curve cryptography).

Usage
Change this setting only if the DH group does not use ECC.

Dependencies
You must change the Enable VPN configuration setting to Yes so that a BlackBerry device can use this setting.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

VPN IKE Hash configuration setting


Description
This setting specifies the hash method authentication code that a BlackBerry device can use.

Default value
The default value is SHA-1 (160 bits).

Usage
Change this setting only if the hash method authentication code does not support SHA-1 (160 bits).

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

VPN IP Address configuration setting


Description
This setting specifies the IP address of the VPN.

Default value
The default value is 0.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

VPN IPSec Cipher and Hash configuration setting


Description
This setting specifies the encryption algorithm and hash that a BlackBerry device uses for IPSec Security Associations.

Default value
The default value is AES-128 Cipher and SHA-1 Hash.

Usage
Change this setting only if the IPSec Cipher and Hash are not AES-128 and SHA-1.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

VPN Minimal Certificate Encryption Key Security Level configuration setting


Description
This setting specifies the minimum security level for private keys that a BlackBerry device uses for authentication methods that require client certificates.

Default value
The default value is Low security. A BlackBerry device prompts the user only once for the key store password. The BlackBerry device retrieves and stores, in unencrypted format, the private key with the VPN profile.

Usage
If you change this setting to High security, a BlackBerry device always prompts the user for the key store password when the BlackBerry device requires access to the private key. This might happen frequently, even if the user typed the password recently. Private keys are not stored with the VPN profile. If you change this setting to Medium security, the BlackBerry device prompts the user for the key store password the first time only and, from that point forward, only prompts the user after the user resets the BlackBerry device. Private keys are cached in memory but are not stored with the VPN profile. This rule is obsolete in BlackBerry Enterprise Server version 4.1 SP4.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

VPN NAT Keep Alive configuration setting


Description
This setting specifies the NAT keep-alive frequency. The permitted range is 1 to 1439 minutes.

Default value
The default value is 1 minute.

Usage
Specify the interval, in minutes, that a BlackBerry device sends a keep-alive packet to the VPN concentrator to maintain the connection to the VPN concentrator.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

VPN PFS configuration setting


Description
This setting specifies whether PFS is turned on for a BlackBerry device.

Default value
The default value is Yes.

Usage
Change this setting only if your organization does not support PFS.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

VPN Primary DNS configuration setting


Description
This setting specifies the static setting for the IP address of your organization's primary DNS server.

Default value

The default value is a null value.

Dependencies
You must change the Enable VPN configuration setting to Yes and the VPN DNS Configuration setting to No so that a BlackBerry device can use this configuration setting.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

VPN Profile Visibility configuration setting


Description
This setting specifies whether a user can view the configuration settings of the VPN profile on a BlackBerry device.

Default value
The default value is Full Visibility. A user can view all the configuration settings of the VPN profile.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

VPN Profile Editability configuration setting


Description
This setting specifies whether the user can change the configuration settings of the VPN profile on a BlackBerry device.

Default value
The default value is Full editability.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

VPN Secondary DNS configuration setting


Description
This setting specifies the static setting for the IP address of your organization's secondary DNS server.

Default value
The default value is a null value.

Dependencies
You must change the Enable VPN configuration setting to Yes and the VPN DNS Configuration setting to No so that a BlackBerry device can use this setting.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

VPN Subnet Mask configuration setting


Description
This setting specifies the IP address of the subnet mask of the VPN.

Default setting
The default value is 0.

Dependencies
If you change this setting, you must also change the VPN DNS configuration setting to No and the Enable VPN configuration setting to Yes.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

VPN Token Serial Number configuration setting


Description
If the VPN server requires that a BlackBerry device use a software token as part of the password for authentication, this setting specifies the serial number of the software token that is provisioned to the BlackBerry device.

Default value
The default value is a null value.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

VPN User Name configuration setting


Description
This setting specifies the default user name that a BlackBerry device uses to log in to your organization's VPN server.

Default value
The default value is a null value.

Usage
Configure this setting if you want to create a default user name for all user accounts. If a user types a user name on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user typed. To retain the value that the user types on the BlackBerry device, verify that the updated configuration setting uses the same value as this setting.

Dependencies
You must change the Enable VPN configuration setting to Yes so that a BlackBerry device can use this setting.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

VPN User Password configuration setting


Description
This setting specifies the default password that a BlackBerry device uses to log in to your organization's VPN server.

Default value
The default value is a null value.

Usage
Configure this setting if you want to create a default password for all user accounts. If a user types a password on the BlackBerry device manually, IT policy updates overwrite or delete the value that the user typed. To retain the value that the user types on the BlackBerry device, verify that the updated configuration setting uses the same value as this configuration setting.

Dependencies
You must change the Enable VPN configuration setting to Yes so that a BlackBerry device can use this configuration setting.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

VPN Vendor Type configuration setting


Description
This setting specifies the type of VPN client that the VPN client on a BlackBerry device emulates.

Default value
The default value is a null value.

Dependencies
You must change the Enable VPN configuration setting to Yes so that a BlackBerry device can use this configuration setting.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

VPN Xauth Type configuration setting


Description
This setting specifies the type of user-level authentication that your organization's VPN server uses.

Default value
The default value is User name and password required.

Dependencies
You must change the Enable VPN configuration setting to Yes so that a BlackBerry device can use this configuration setting.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

Configuration settings for Wi-Fi profiles


Associated Certificate Authority Configuration configuration setting
Description
This setting specifies the name of the certificate authority profile that is configured in the Certificate Authority Profile Name IT policy rule. The certificate authority profile consists of credentials that a BlackBerry device can use to initiate a certificate enrollment process.

Default value
The default value is a null value.

Usage
After you associate a certificate authority profile with a Wi-Fi profile, you can assign the Wi-Fi profile to a user account and send the profile to a BlackBerry device.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

Associated VoIP Configuration configuration setting


Description
This setting is a hidden property that a BlackBerry device uses. The setting contains the name of the VoIP profile that is associated with the Wi-Fi profile.

Default value
The default value is a null value.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP2

Associated VPN Configuration configuration setting


Description
This setting is a hidden property that contains the name of the VPN profile that you want to associate with the Wi-Fi profile.

Default value
The default value is a null value.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

Wi-Fi Allow AP to AP Handover configuration setting


Description
This setting specifies whether a BlackBerry device can perform Wi-Fi handovers between wireless access points.

Default value
The default value is Yes.

Usage
The default value permits handovers between access points in your organization's Wi-Fi network. Change this setting to No to prevent handovers between access points.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Wi-Fi Allow Handheld Changes configuration setting


Description
This setting specifies whether a user can change all Wi-Fi policy settings on a BlackBerry device.

Default value
The default value is Yes.

Usage
Change this setting to No to permit a user to change only the user-specific Wi-Fi policy settings on a BlackBerry device. User-specific Wi-Fi policy settings are the Wi-Fi User Name setting and the Wi-Fi User Password setting. This configuration setting is obsolete in BlackBerry Enterprise Server version 4.1 SP3.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi Allow Password Save configuration setting


Description
This setting specifies whether a user can save passwords for authentication to a Wi-Fi network on a BlackBerry device.

Default value
The default value is Yes.

Usage
The default value permits a user to save passwords on a BlackBerry device for authentication to the Wi-Fi network.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Wi-Fi Band Type configuration setting


Description
This setting specifies one or more band types that you configure the wireless access points of a specific SSID to operate on.

Default value
The default value is 802.11 a/b/g.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.2 BlackBerry Enterprise Server version 4.1 SP4

Wi-Fi BlackBerry Infrastructure Wi-Fi Access Mode configuration setting


Description
This setting specifies whether a Wi-Fi enabled BlackBerry device can connect to the BlackBerry Infrastructure over a Wi-Fi network to access the BlackBerry Enterprise Server or the BlackBerry Internet Service.

Default value
The default value is Access does not require VPN. A BlackBerry device can bypass active VPN connections when it connects to the BlackBerry Infrastructure over a Wi-Fi network.

Usage
You can configure one of the following options so that a BlackBerry device can connect to the BlackBerry Infrastructure over a Wi-Fi network:
• If you want a BlackBerry device to always use a VPN connection when it connects to the BlackBerry Infrastructure over a Wi-Fi network, you can choose the Access requires VPN option. You can choose this option if you want to enforce the additional security that a VPN connection provides.
• If you do not want a BlackBerry device to connect to the BlackBerry Infrastructure over a Wi-Fi network, you can choose the Access disabled option.

Dependencies
When you change this setting, you override the BlackBerry Infrastructure Wi-Fi Access Mode IT policy rule. You can use this setting to configure the access mode for a specific Wi-Fi network, and the IT policy rule to configure the access mode for other Wi-Fi networks. If you turn off access to the BlackBerry Infrastructure over a Wi-Fi network using the IT policy rule, you cannot override the IT policy rule using this setting.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

Wi-Fi Default Gateway configuration setting


Description
This setting specifies the default gateway in IP address format (for example, 10.0.0.1) that a BlackBerry device can use if DHCP on the BlackBerry device is turned off.

Default value
The default value is a null value.

Usage
A BlackBerry device uses this setting only if you change the Wi-Fi DHCP Configuration configuration setting to No.

Dependencies
If you change the Wi-Fi DHCP Configuration configuration setting to Yes, do not change this setting to Yes.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

Wi-Fi Default KEY ID configuration setting


Description
This setting specifies the default WEP key ID.

Default value
The default value is 1.

Usage
Verify that the WEP key ID matches the WEP access point ID and the corresponding WEP key.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi DHCP Configuration configuration setting


Description
This setting specifies whether your organization uses DHCP for dynamic network configuration.

Default value
The default value is Yes. DHCP is turned on.

Usage
If your organization uses a Wi-Fi network that includes subnets, turn on DHCP to permit roaming between subnets.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

Wi-Fi Disable Server Certificate Validation configuration setting


Description
This setting specifies whether a BlackBerry device requires a certificate authority certificate for server authentication when it uses a PEAP, EAP-TLS, or EAP-TTLS authentication method to connect to a Wi-Fi network.

Default value
The default value is No.

Usage
If you change this setting to Yes, a root certificate is not required for the EAP, EAP-TLS, or EAP-TTLS authentication method.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

Wi-Fi Domain Suffix configuration setting


Description
This setting specifies the suffix for the internal domain name in FQDN format.

Default value
The default value is a null value.

Dependencies
Configure this setting only if you change the Wi-Fi DHCP Configuration configuration setting to No to make DHCP unavailable.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Wi-Fi EAP-FAST Provisioning method configuration setting


Description
This setting specifies the type of provisioning method that a BlackBerry device can use when it authenticates to a Wi-Fi network using EAP-FAST authentication with PAC.

Default value
The default value is Anonymous. The server provisions the BlackBerry device with a PAC when the BlackBerry device connects for the first time. The server uses the user name and password to authenticate the user account. When you choose this option, server authentication does not occur.

Usage
You can configure one of the following options to change the type of provisioning methods that a BlackBerry device can use:
• If you want the server to authenticate a BlackBerry device using the user name and password of the user account and a root certificate when the BlackBerry device connects for the first time, you can select the Authenticated option. The BlackBerry device does not connect to the server if the server does not present a root certificate to the BlackBerry device.
• If you want the server to authenticate a BlackBerry device using the user name and password of the user account, and you want the settings on the server to determine if server authentication must occur, you can select the Both option. If the server presents a root certificate, the BlackBerry device verifies the server using the selected root certificate. If the server does not present a root certificate, the BlackBerry device does not perform server authentication.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0

Wi-Fi Enable Authentication Page configuration setting


Description
This setting specifies whether the Wi-Fi Login browser is available on a BlackBerry device.

Default value
The default value is No.

Usage
Change this setting to Yes to permit a user to log in to a captive portal using a BlackBerry device. This setting is obsolete in BlackBerry Enterprise Server versions 4.1 SP4 and later.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi Hard Token Required configuration setting


Description
This setting specifies whether a BlackBerry device requires a hard token for authentication.

Default value
The default value is No.

Usage
Change this setting to Yes if a BlackBerry device requires a hard token (for example, RSA SecurID) as part of the password for authentication.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Wi-Fi Inner Authentication Mode configuration setting


Description
This setting specifies the authentication mode that a BlackBerry device uses for tunnelled EAP security.

Default value
The default value is None.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Wi-Fi IP Address configuration setting


Description
This setting specifies the IP address (for example, 10.0.0.1) that a BlackBerry device can use if DHCP on the BlackBerry device is turned off.

Default value
The default value is a null value.

Usage
A BlackBerry device uses this setting only if you change the Wi-Fi DHCP Configuration configuration setting to No.

Dependencies
If you change the Wi-Fi DHCP Configuration configuration setting to Yes, do not change this setting to Yes.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

Wi-Fi Link Security configuration setting


Description
This setting specifies the type of authentication method (for example, Open, EAP-FAST, LEAP, PEAP, EAP-TLS, EAP-TTLS, PSK, or WEP) that a BlackBerry device requires to access a Wi-Fi network.

Default value
The default value is Open.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi Minimal EAP-TLS Certificate Encryption Key Security Level configuration setting
Description
This setting specifies the minimum security level for a private key that an EAP authentication method (for example, EAP-TLS) uses with a client certificate.

Default value
The default value is Low security. A BlackBerry device prompts a user only once for the key store password so that the BlackBerry device can retrieve the private key and encrypt messages. The BlackBerry device stores the unencrypted private key with the Wi-Fi profile.

Usage
If you configure this setting to Medium security, a BlackBerry device prompts a user only once for the key store password so that the BlackBerry device can retrieve the private key and encrypt messages. After the BlackBerry device retrieves the private key, the BlackBerry device retrieves the private key again only after the user resets the BlackBerry device. The BlackBerry device caches the private key in memory but does not store it with the Wi-Fi profile.
If you configure this setting to High security, a BlackBerry device always prompts a user for the key store password when it accesses the private key and encrypts messages. The BlackBerry device does not store the unencrypted private key with the Wi-Fi profile.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi Preshared Key configuration setting


Description
This setting specifies the PSK if you use PSK in your organization to authenticate to Wi-Fi networks.

Default value
The default value is a null value.

Dependencies
A BlackBerry device uses this setting only if you configure the Wi-Fi Link Security configuration setting to PSK.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi Primary DNS configuration setting


Description
This setting specifies the primary DNS in IP address format (for example, 10.0.0.1) that a BlackBerry device can use if DHCP on the BlackBerry device is turned off.

Default value
The default value is a null value.

Usage
A BlackBerry device uses this setting only if you change the Wi-Fi DHCP Configuration configuration setting to No.

Dependencies
If you configure the Wi-Fi DHCP Configuration configuration setting to Yes, do not change this setting to Yes.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

Wi-Fi Profile Editability configuration setting


Description
This setting specifies whether a user can change the settings in the Wi-Fi profile on a BlackBerry device.

Default value
The default value is Full editability. The user can change all settings in the Wi-Fi profile.

Usage
When you change this setting to No editability, the user cannot change any settings in the Wi-Fi profile.

When you change this setting to Credentials editability, the user can change only the user credentials in the Wi-Fi profile.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Wi-Fi Profile Visibility configuration setting


Description
This setting specifies whether a user can view the settings in the Wi-Fi profile.

Default value
The default value is Full visibility. The BlackBerry device displays all the settings in the Wi-Fi profile.

Usage
When you configure this setting to Restricted visibility, the BlackBerry device displays only the profile name. When you configure this setting to Credentials visibility, the BlackBerry device displays only the profile name and login information of the user.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Wi-Fi Protected Access Credential Key configuration setting


Description
This setting specifies the PAC key that a BlackBerry device can use for EAP-FAST authentication.

Default value
The default value is a null value.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Wi-Fi Roaming Threshold configuration setting


Description
This setting determines how often the Wi-Fi transceiver scans for nearby wireless access points and roams to one of them if the signal quality is better than the signal of the current access point.

Default value
The default value is Auto. A BlackBerry device selects roaming thresholds automatically.

Usage
When you configure this setting to Low, a BlackBerry device roams only when signal quality is very low. When you configure this setting to Medium, a BlackBerry device roams when the signal quality is medium to low. When you configure this setting to High, a BlackBerry device roams aggressively to access points with better signal strength.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Wi-Fi Secondary DNS configuration setting


Description
This setting specifies the secondary DNS in IP address format (for example, 10.0.0.1) that a BlackBerry device can use if DHCP on the BlackBerry device is turned off.

Default value
The default value is a null value.

Usage
A BlackBerry device uses this setting only if you change the Wi-Fi DHCP Configuration configuration setting to No.

Dependencies
If you change the Wi-Fi DHCP Configuration configuration setting to Yes, do not change this setting to Yes.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

Wi-Fi Server SAN configuration setting


Description
This setting specifies a SAN field for the server certificate.

Default value
The default value is a null value.

Usage
If you do not specify a SAN field for the server certificate, the BlackBerry device accepts any valid server certificate.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Wi-Fi Server Subject configuration setting


Description
This setting specifies the Subject field for the server certificate.

Default value
The default value is a null value.

Usage
If you do not specify the Subject field for a server certificate, the BlackBerry device accepts any valid server certificate.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Wi-Fi SSID configuration setting


Description
This setting specifies the network name of a Wi-Fi network and its wireless access points. The SSID is case-sensitive.

Default value
The default value is a null value.

Usage
You must configure this setting before a BlackBerry device can access the Wi-Fi network.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi Subnet configuration setting


Description
This setting specifies the subnet mask in IP address format (for example, 10.0.0.1) that a BlackBerry device can use if DHCP on the BlackBerry device is turned off.

Default value
The default value is a null value.

Usage
A BlackBerry device uses this setting only if you change the Wi-Fi DHCP Configuration configuration setting to No.

Dependencies
If you change the Wi-Fi DHCP Configuration configuration setting to Yes, do not change this setting to Yes.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

Wi-Fi Token Serial Number configuration setting


Description
If a BlackBerry device requires that a software token is part of the password for authentication, this setting specifies the serial number of the software token that is provided to the BlackBerry device.

Default value
The default value is a null value.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3

Wi-Fi User Name configuration setting


Description
This setting specifies the user name for PEAP or LEAP authentication on a BlackBerry device.

Default value
The default value is a null value.

Usage
Configure this setting if you want to create a default value for all users. If a user types a user name on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user types. To retain the user-specified value on the BlackBerry device, verify that the updated Wi-Fi profile uses the same value as the Wi-Fi profile on the BlackBerry device.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi User Password configuration setting


Description
This setting specifies the password for PEAP or LEAP authentication on a BlackBerry device.

Default value
The default value is a null value.

Usage
Configure this setting if you want to create a default value for all users. If a user types a password on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user types. To retain the user-specified value on the BlackBerry device, verify that the updated Wi-Fi profile uses the same value as the Wi-Fi profile on the BlackBerry device.

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2

Wi-Fi WEP Key 1 configuration setting


Description
This setting specifies the password for WEP key 1 using the format xx:xx:xx:xx:xx.

Default value
The default value is a null value.

Usage
Valid values are either 5 or 13 pairs of hexadecimal digits (0 to 9 and A to F) that you separate with a colon (for example, AB:CD:EF:01:23 or AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23).

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi WEP Key 2 configuration setting


Description
This setting specifies the password for WEP key 2 using the format xx:xx:xx:xx:xx.

Default value
The default value is a null value.

Usage
Valid values are either 5 or 13 pairs of hexadecimal digits (0 to 9 and A to F) that you separate with a colon (for example, AB:CD:EF:01:23 or AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23).

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi WEP Key 3 configuration setting


Description
This setting specifies the password for WEP key 3 using the format xx:xx:xx:xx:xx.

Default value
The default value is a null value.

Usage
Valid values are either 5 or 13 pairs of hexadecimal digits (0 to 9 and A to F) that you separate with a colon (for example, AB:CD:EF:01:23 or AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23).

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi WEP Key 4 configuration setting


Description
This setting specifies the password for WEP key 4 using the format xx:xx:xx:xx:xx.

Default value
The default value is null.

Usage
Valid values are either 5 or 13 pairs of hexadecimal digits (0 to 9 and A to F) that you separate with a colon (for example, AB:CD:EF:01:23 or AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23).

Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
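
Several of the Wi-Fi profile settings above only weaken or take effect in combination with others (link security, server certificate validation, Server SAN and Subject, EAP-FAST provisioning, DHCP, WEP key ID). The following Python check is an added example, not part of this guide or of BlackBerry's tooling; it flags the combinations that the setting descriptions themselves call out. It assumes a profile is available as a dict keyed by the setting names, which is a hypothetical input format, and the finding IDs are made up for the example.

```python
import ipaddress
import re

# Defaults the guide documents for the settings read below. Settings whose
# default is a "null value" are simply absent. The dict input format is an
# assumption of this example, not a BlackBerry Enterprise Server export.
DEFAULTS = {
    "Wi-Fi Link Security": "Open",
    "Wi-Fi Disable Server Certificate Validation": "No",
    "Wi-Fi EAP-FAST Provisioning method": "Anonymous",
    "Wi-Fi Minimal EAP-TLS Certificate Encryption Key Security Level": "Low security",
    "Wi-Fi DHCP Configuration": "Yes",
    "Wi-Fi Default KEY ID": 1,
    "Wi-Fi BlackBerry Infrastructure Wi-Fi Access Mode": "Access does not require VPN",
}
STATIC_IP_SETTINGS = ("Wi-Fi IP Address", "Wi-Fi Subnet", "Wi-Fi Default Gateway",
                      "Wi-Fi Primary DNS", "Wi-Fi Secondary DNS")
CERT_METHODS = {"PEAP", "EAP-TLS", "EAP-TTLS"}
# WEP key format: 5 or 13 colon-separated pairs of hexadecimal digits.
WEP_KEY_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){4}((:[0-9A-Fa-f]{2}){8})?")


def audit_wifi_profile(profile):
    """Return sorted (finding_id, message) pairs for one Wi-Fi profile dict."""
    cfg = {**DEFAULTS, **profile}
    link = cfg["Wi-Fi Link Security"]
    findings = []

    def flag(finding_id, message):
        findings.append((finding_id, message))

    if link == "Open":
        flag("OPEN_LINK", "Link Security is Open: no authentication method is required")

    if link in CERT_METHODS:
        if cfg["Wi-Fi Disable Server Certificate Validation"] == "Yes":
            flag("NO_SERVER_VALIDATION", "no CA certificate is required for server authentication")
        elif not cfg.get("Wi-Fi Server SAN") and not cfg.get("Wi-Fi Server Subject"):
            flag("ANY_SERVER_CERT", "no Server SAN or Subject: any valid server certificate is accepted")

    if link == "EAP-FAST":
        method = cfg["Wi-Fi EAP-FAST Provisioning method"]
        if method == "Anonymous":
            flag("FAST_ANONYMOUS", "PAC is provisioned without server authentication")
        elif method == "Both":
            flag("FAST_OPTIONAL_SERVER_AUTH", "server is verified only if it presents a root certificate")

    # Assumption: the key security level is checked for EAP-TLS only, the one
    # client-certificate method the guide names for this setting.
    level = cfg["Wi-Fi Minimal EAP-TLS Certificate Encryption Key Security Level"]
    if link == "EAP-TLS" and level == "Low security":
        flag("KEY_STORED_WITH_PROFILE", "unencrypted private key is stored with the Wi-Fi profile")

    if link == "WEP":
        key_id = cfg["Wi-Fi Default KEY ID"]
        key = cfg.get(f"Wi-Fi WEP Key {key_id}")
        if key_id not in (1, 2, 3, 4) or not key:
            flag("WEP_KEY_MISSING", f"no WEP key is configured for key ID {key_id}")
        elif not WEP_KEY_RE.fullmatch(key):
            flag("WEP_KEY_FORMAT", f"WEP key {key_id} is not 5 or 13 pairs of hex digits")

    if cfg.get("Wi-Fi Preshared Key") and link != "PSK":
        flag("PSK_UNUSED", "Preshared Key is set but is used only when Link Security is PSK")

    static = {name: cfg[name] for name in STATIC_IP_SETTINGS if cfg.get(name)}
    if cfg["Wi-Fi DHCP Configuration"] == "Yes":
        if static:
            flag("STATIC_IGNORED", "unused while DHCP is on: " + ", ".join(static))
    else:
        for name, value in static.items():
            try:
                ipaddress.IPv4Address(value)
            except ValueError:
                flag("BAD_IP_FORMAT", f"{name} is not in IP address format: {value!r}")

    if cfg["Wi-Fi BlackBerry Infrastructure Wi-Fi Access Mode"] == "Access does not require VPN":
        flag("VPN_BYPASS", "device can bypass active VPN connections to reach the BlackBerry Infrastructure")
    return sorted(findings)


# Constructed sample profiles: setting names and option values are the
# guide's; the SSID, IP address and SAN value are made up.
WEAK_PROFILE = {
    "Wi-Fi SSID": "corp-example",
    "Wi-Fi Link Security": "PEAP",
    "Wi-Fi Disable Server Certificate Validation": "Yes",
    "Wi-Fi IP Address": "10.0.0.25",
}
HARDENED_PROFILE = {
    "Wi-Fi SSID": "corp-example",
    "Wi-Fi Link Security": "EAP-TLS",
    "Wi-Fi Server SAN": "radius.example.com",
    "Wi-Fi Minimal EAP-TLS Certificate Encryption Key Security Level": "High security",
    "Wi-Fi BlackBerry Infrastructure Wi-Fi Access Mode": "Access requires VPN",
}

if __name__ == "__main__":
    for label, profile in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(label)
        for finding_id, message in audit_wifi_profile(profile) or [("OK", "no findings")]:
            print(f"  {finding_id}: {message}")
```

An empty dict audits the documented defaults, which shows what a profile left unconfigured exposes.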

Examples of security policy goals


You can use IT policies and application control policies to meet your organization's security policy goals.

Example goal: Define permitted use of passwords for authentication on BlackBerry devices.
Description:
• Require a password on the BlackBerry device.
• Configure features such as password duration, length, and strength.
• Require password patterns.
• Forbid specific passwords.

Example goal: Define the encryption strength that BlackBerry devices use to protect data.
Description:
• Extend encryption of data that is in transit between the sender and recipient of an email message or PIN message.
• Require the BlackBerry device to generate and use the content protection key to encrypt user data while the BlackBerry device is locked.
• Require the BlackBerry device to generate and use the principal encryption key to encrypt the device transport key while the BlackBerry device is locked.
• To require a specific standard of encryption strength, specify the level of FIPS compliance for the embedded cryptographic module that is required for basic operation of the BlackBerry device.

Example goal: Control application installation and use on BlackBerry devices.
Description:
• Prevent BlackBerry device users from downloading third-party applications over the wireless network.
• Specify whether applications on the BlackBerry device can establish specific types of connections.

Example goal: Block viruses and malicious user actions on BlackBerry devices.
Description:
• Specify the resources (for example, email, phone, and BlackBerry device key store) that a third-party application can access on the BlackBerry device.
• Specify the types of connections (for example, local, internal, and external) that a third-party application that is running on the BlackBerry device can open.
• Specify whether an application can access the user authenticator framework API, which permits the registration of drivers to provide two-factor authentication to unlock the BlackBerry device.

Example goal: Control Bluetooth technology use on BlackBerry devices.
Description:
• Manage Bluetooth technology on BlackBerry devices.
• Prevent the use of Bluetooth technology on BlackBerry devices.
• Specify whether a BlackBerry device can pair with another Bluetooth enabled device.
• Specify whether the user can turn on and turn off the Bluetooth profiles that are on the BlackBerry device.

Defining acceptable use of passwords and passphrases on BlackBerry devices


Scenario: Extend your organization's password policy to BlackBerry devices.
Example IT policy rules and example values:
    Password Required: Yes
    Maximum Password Age: 30 (days)
    Minimum Password Length: 8 (characters)
    Password Pattern Checks: 2 (requires at least one alphabetic, one numeric, and one special character)
    Forbidden Passwords: obvious and non-secure passwords (for example, password, usernames, and organization's names)
    Set Password Timeout: 5 (minutes)
    User Can Change Timeout: No

Scenario: Delete all user data on the BlackBerry device if the user types the password incorrectly.
Example IT policy rule and example value:
    Set Maximum Password Attempts: 10 (number of incorrect passwords that a user types before the BlackBerry device data is deleted)

Scenario: Do not permit users to reuse an expired password.
Example IT policy rule and example value:
    Maximum Password History: 10 (maximum number of previous passwords that the new password must be checked against)

Scenario: Permit users to notify administrators if the BlackBerry device is in jeopardy of theft.
Example IT policy rule and example value:
    Duress Notification Address: email address that receives a notification message when a user types a password under duress


Defining measures to protect BlackBerry devices from unauthorized use


Scenario: Extend your organization's password policy to BlackBerry devices. Lock the BlackBerry device automatically, regardless of user activity.
Example IT policy rule and example value:
    Enable Long-Term Timeout: Yes

Scenario: Prompt the user to type a password, whether the BlackBerry device is idle or in use.
Example IT policy rule and example value:
    Periodic Challenge Time: 60 (minutes that can elapse before the user must type a password)

Scenario: Lock the BlackBerry device automatically when a user inserts it in the holster.
Example IT policy rule and example value:
    Force Lock When Holstered: Yes

Scenario: Lock the BlackBerry device automatically after a period of user inactivity.
Example IT policy rule and example value:
    Maximum Security Timeout: 5 (minutes of idle time that is permitted before the BlackBerry device locks)
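The example values in the password and device-lock tables above can serve as a baseline when reviewing a deployed IT policy. The following Python check is an added example, not part of the BlackBerry documentation or product; the dict-of-strings input and the direction in which each numeric rule counts as weaker are assumptions.

```python
# Added example: audit an IT policy against the example values listed above.
# Assumptions: the policy arrives as a dict of rule name -> string value, and
# the "weaker" direction of each numeric rule is as marked in BASELINE.

# kind "bool": value must equal the example value
# kind "max" : a larger number is treated as weaker (assumption)
# kind "min" : a smaller number is treated as weaker (assumption)
BASELINE = [
    ("Password Required", "bool", True),
    ("Maximum Password Age", "max", 30),            # days
    ("Minimum Password Length", "min", 8),          # characters
    ("Password Pattern Checks", "min", 2),
    ("Set Password Timeout", "max", 5),             # minutes
    ("User Can Change Timeout", "bool", False),
    ("Set Maximum Password Attempts", "max", 10),
    ("Maximum Password History", "min", 10),
    ("Enable Long-Term Timeout", "bool", True),
    ("Periodic Challenge Time", "max", 60),         # minutes
    ("Force Lock When Holstered", "bool", True),
    ("Maximum Security Timeout", "max", 5),         # minutes
]

# Constructed sample input, not taken from a real BlackBerry Enterprise Server.
SAMPLE_POLICY = {
    "Password Required": "Yes",
    "Maximum Password Age": "90",
    "Minimum Password Length": "6",
    "Password Pattern Checks": "2",
    "Set Password Timeout": "5",
    "User Can Change Timeout": "Yes",
    "Set Maximum Password Attempts": "10",
    "Maximum Password History": "10",
    "Enable Long-Term Timeout": "Yes",
    "Periodic Challenge Time": "sixty",
    "Force Lock When Holstered": "Yes",
    # "Maximum Security Timeout" deliberately left unset
}


def parse_value(kind, raw):
    """Convert a string value to bool or int; raise ValueError if malformed."""
    text = str(raw).strip()
    if kind == "bool":
        if text.lower() not in ("yes", "no"):
            raise ValueError(f"expected Yes or No, got {text!r}")
        return text.lower() == "yes"
    value = int(text)  # raises ValueError for non-numeric text
    if value < 0:
        raise ValueError(f"negative value {value}")
    return value


def audit(policy):
    """Return (rule, status, detail) findings in BASELINE order.

    status is "missing", "invalid" or "weaker"; compliant rules yield nothing.
    """
    findings = []
    for rule, kind, expected in BASELINE:
        if rule not in policy:
            findings.append((rule, "missing", "rule is not set"))
            continue
        try:
            actual = parse_value(kind, policy[rule])
        except ValueError as exc:
            findings.append((rule, "invalid", str(exc)))
            continue
        weaker = (
            (kind == "bool" and actual != expected)
            or (kind == "max" and actual > expected)
            or (kind == "min" and actual < expected)
        )
        if weaker:
            findings.append((rule, "weaker", f"{actual!r} vs example {expected!r}"))
    return findings


if __name__ == "__main__":
    for rule, status, detail in audit(SAMPLE_POLICY):
        print(f"{status:8} {rule}: {detail}")
```

Unset and malformed rules are reported separately from weaker ones, so a rule that silently falls back to a default is not mistaken for a compliant setting.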

Defining the encryption strength that the BlackBerry device uses to protect data
Scenario: Protect user and application data on the BlackBerry device.
Example IT policy rule and example value:
    Content Protection Strength: Yes

Scenario: Protect the device transport key on a locked BlackBerry device.
Example IT policy rule and example value:
    Force Content Protection of Master Key: Yes

Scenario: Specify the level of FIPS compliance on the BlackBerry device.
Example IT policy rule and example value:
    FIPS Level: 2

Scenario: Specify the algorithms that the BlackBerry device uses to encrypt and decrypt PGP messages.
Example IT policy rule and example value:
    PGP Allowed Content Ciphers: AES (256-bit), AES (192-bit), AES (128-bit), and Triple DES


Scenario: Specify the algorithms that the BlackBerry device uses to encrypt and decrypt S/MIME messages.
Example IT policy rule and example value:
    S/MIME Allowed Content Ciphers: AES (256-bit), AES (192-bit), AES (128-bit), and Triple DES

Restricting unsecured messaging


Scenario: To comply with industry regulations, make sure that all electronic communication between your employees and their clients is recorded.
Example IT policy rules and example values:
    Allow Other Browser Services: No
    Allow Other Message Services: No
    Allow Peer-to-Peer Messages: No
    Allow SMS: No
    Disable Forwarding Between Services: Yes
    Disable Cut/Copy/Paste: Yes

Scenario: Prevent users from sending PIN messages. (Users can still receive PIN messages.)
Example IT policy rule and example value:
    Allow Peer-to-Peer Messages: No

Scenario: Prevent users from sending SMS text messages. (Users can still receive SMS text messages.)
Example IT policy rule and example value:
    Allow SMS: No

Scenario: Prevent users from forwarding or replying to messages using a different BlackBerry Enterprise Server.
Example IT policy rule and example value:
    Disable Forwarding Between Services: Yes

Scenario: Display message sensitivity using different message background colors.
Example IT policy rule and example value:
    Security Service Colors: colors of sensitive and nonsensitive messages in red-green-blue format

Defining measures to prevent threats from viruses and malicious users


Consider using IT policy rules and application control policy rules to block threats from viruses and other methods of attack by users with malicious intent.


Limiting the resources that third-party applications installed on BlackBerry devices can access
Scenario: Prevent third-party Java applications from accessing a list of domains using the BlackBerry Browser.
Example application control policy rule and value:
    List of Browser Filter Domains: addresses of the domains

Scenario: Permit a third-party Java application to send and receive messages on a BlackBerry device.
Example application control policy rule and value:
    Is Access to the Email API Allowed: Allowed

Scenario: Remove a third-party Java application from BlackBerry devices over the wireless network.
Example application control policy rule and value:
    Disposition: Disallowed

Scenario: Permit a third-party Java application to access the phone application on BlackBerry devices.
Example application control policy rule and value:
    Is Access to the Phone API Allowed: Allowed

Scenario: Permit a third-party Java application to create public external network connections and permit connections to external domains without prompting users for a password on their BlackBerry devices.
Example application control policy rules and values:
    Are External Network Connections Allowed: Allowed
    List of External Domains: addresses of the external domains

Scenario: Permit a third-party Java application to establish connections to Bluetooth enabled devices.
Example application control policy rules and values:
    Is Access to the Serial Port Profile for Bluetooth API Allowed: Allowed
    Are External Network Connections Allowed: Allowed

Scenario: Prevent users from turning on a custom theme that was created using the Plazmic Content Developer's Kit.
Example application control policy rule and value:
    Is Theme Data Allowed: Disallowed

Scenario: Prevent users from unlocking their BlackBerry devices using a BlackBerry Smart Card Reader and an authentication password.
Example application control policy rule and value:
    Is Access to the User Authenticator API Allowed: Disallowed


Limiting user control of third-party applications on BlackBerry devices


Scenario: Prevent third-party applications from accessing serial ports or USB ports on BlackBerry devices.
Example policy rule and value:
    Allow Third Party Apps to Use Serial Port (IT policy rule): No

Scenario: Prevent third-party applications from accessing the persistent store API on BlackBerry devices.
Example policy rule and value:
    Allow Third Party Apps to Use Persistent Store (IT policy rule): No

Scenario: Prevent users from configuring and running add-in applications in the BlackBerry Desktop Manager.
Example policy rule and value:
    Desktop Allow Desktop Add-Ins (IT policy rule): No

Scenario: Prevent users from downloading third-party applications or themes to their BlackBerry devices.
Example policy rule and value:
    Disallow Third Party Application Downloads (IT policy rule): Yes

Scenario: Prevent users from removing a third-party Java application installed on their BlackBerry devices.
Example policy rule and value:
    Disposition (application control policy rule): Required

Scenario: Prevent users from installing a third-party Java application on their BlackBerry devices.
Example policy rule and value:
    Disposition (application control policy rule): Required

Scenario: Remove a third-party Java application from BlackBerry devices over the wireless network.
Example policy rule and value:
    Disposition (application control policy rule): Required

Scenario: Prevent users from turning on a custom theme that was created using the BlackBerry Theme Studio.
Example policy rule and value:
    Is Theme Data Allowed (application control policy rule): Required

Scenario: Prevent users from unlocking their BlackBerry devices using a BlackBerry Smart Card Reader and an authentication password.
Example policy rule and value:
    Is Access to the User Authenticator API allowed (application control policy rule): Required

Scenario: Prevent users that are authenticating through a VPN connection from using third-party applications on their BlackBerry devices.
Example policy rule and value:
    Is Access to the User Authenticator API allowed (application control policy rule): Required

Preventing RIM value-added applications from running on BlackBerry devices


You can use application control policy rules and IT policy rules to control whether Research In Motion value-added applications are available on BlackBerry devices. RIM value-added applications include the BlackBerry Wallet and the ecommerce content optimization engine for the BlackBerry Browser.


To prevent the RIM value-added applications from running on BlackBerry Device Software versions earlier than 4.5, you can block all RIM value-added applications using the Disable RIM Value-Added Applications IT policy rule, or you can block specific RIM value-added applications using application-specific IT policy rules.

To prevent the RIM value-added applications from running on BlackBerry Device Software version 4.5 or later, you can use any of the following application-specific methods:

Application: BlackBerry Wallet
Method:
    Configure the Disable BlackBerry Wallet IT policy rule to Yes.
    Apply an application control policy rule to block all third-party applications, or apply an application control policy to block specific RIM value-added applications if you want to remove the RIM value-added applications from BlackBerry devices.
    Configure the Disable RIM Value-Added Applications IT policy rule to Yes.

Application: ecommerce content optimization engine for the BlackBerry Browser
Method:
    Configure the Disable Ecommerce Content Optimization Engine IT policy rule to Yes.
    Apply an application control policy rule to block all third-party applications, or apply an application control policy to block specific RIM value-added applications if you want to remove the RIM value-added applications from BlackBerry devices.
    Configure the Disable RIM Value-Added Applications IT policy rule to Yes.

You can apply the Disposition application control policy rule to RIM value-added applications only. Other application control policy rules do not apply to RIM value-added applications.


Glossary
A2DP: Advanced Audio Distribution Profile
AES: Advanced Encryption Standard
APB: all points bulletin
API: application programming interface
APN: access point name
ASCII: American Standard Code for Information Interchange
AVRCP: Audio/Video Remote Control Profile
BCC: blind carbon copy
BlackBerry MDS: BlackBerry Mobile Data System
BSM: browser session manager
CAST: Computer Assisted Seriation Test
CHAP: Challenge Handshake Authentication Protocol
COM: Component Object Model
CRL: certificate revocation list


DES: Data Encryption Standard
DHCP: Dynamic Host Configuration Protocol
DNS: Domain Name System
DSA: Digital Signature Algorithm
DTMF: Dual Tone Multiple-frequency
DUN: Dial-up Networking
EAP: Extensible Authentication Protocol
EAP-FAST: Extensible Authentication Protocol Flexible Authentication via Secure Tunneling
EAP-TLS: Extensible Authentication Protocol Transport Layer Security
EAP-TTLS: Extensible Authentication Protocol Tunneled Transport Layer Security
ECC: Elliptic Curve Cryptography
FIPS: Federal Information Processing Standards
FQDN: fully qualified domain name
GAN: generic access network
GPS: Global Positioning System


HFP: Hands-Free Profile
HSP: Headset Profile
HTML: Hypertext Markup Language
HTTPS: Hypertext Transfer Protocol over Secure Sockets Layer
IKE: Internet Key Exchange
IMEI: International Mobile Equipment Identity
IOT: interoperability test
IP: Internet Protocol
IPSec: Internet Protocol Security
LEAP: Lightweight Extensible Authentication Protocol
LED: light-emitting diode
MDS: Mobile Data System
MFH: message from handheld
MMS: Multimedia Messaging Service
MTH: message to handheld


NAT: network address translation
OBEX: Object Exchange
PAC: proxy auto-configuration
PBX: Private Branch Exchange
PEAP: Protected Extensible Authentication Protocol
PFS: Perfect Forward Secrecy
PIM: personal information management
PIN: personal identification number
PKI: Public Key Infrastructure
PSK: pre-shared key
RNG: random number generator
RTP: Real-time Transport Protocol
SAN: subject alternative name
SHA: Secure Hash Algorithm
SIM: Subscriber Identity Module


SIP: Session Initiation Protocol
S/MIME: Secure Multipurpose Internet Mail Extensions
SMS: Short Message Service
SPP: Serial Port Profile
SSID: service set identifier
TCP: Transmission Control Protocol
TLS: Transport Layer Security
TUI: telephone UI
UDP: User Datagram Protocol
UID: unique identifier
USB: Universal Serial Bus
VoIP: Voice over Internet Protocol
VPN: virtual private network
WAN: wide area network
WAP: Wireless Application Protocol


WEP: Wired Equivalent Privacy
WLAN: wireless local area network
WTLS: Wireless Transport Layer Security


Provide feedback
To provide feedback on this deliverable, visit www.blackberry.com/docsfeedback.


Legal notice

2009 Research In Motion Limited. All rights reserved. BlackBerry, RIM, Research In Motion, SureType, SurePress and related trademarks, names, and logos are the property of Research In Motion Limited and are registered and/or used in the U.S. and countries around the world. 3GPP is a trademark of 3GPP. AIM, AOL Instant Messenger, and ICQ are trademarks of AOL LCC. Bluetooth is a trademark of Bluetooth SIG. DataViz and Documents to Go are trademarks of DataViz. Entrust and Entrust Entelligence are trademarks of Entrust, Inc. Facebook is a trademark of Facebook, Inc. Google Talk and Picasa are trademarks of Google Inc. IrDA is a trademark of Infrared Data Association. IBM, Domino, Lotus, Lotus Notes, Quickr, and Sametime are trademarks of International Business Machines Corporation. Kodiak PTT is a trademark of Kodiak Networks Inc. Microsoft, Active Directory, and Windows Live are trademarks of Microsoft Corporation. NetScreen is a trademark of Juniper Networks, Inc. Novell and GroupWise are trademarks of Novell, Inc. PGP is a trademark of PGP Corporation. Plazmic is a trademark of Plazmic Inc. Roxio is a trademark of Sonic Solutions. RSA and RSA SecurID are trademarks of RSA Security. Java and JavaScript are trademarks of Sun Microsystems, Inc. TiVo is a trademark of TiVo Inc. T-Mobile is a trademark of Deutsche Telekom AG. Wi-Fi is a trademark of the Wi-Fi Alliance. Flickr and Yahoo! Messenger are trademarks of Yahoo! Inc. All other trademarks are the property of their respective owners. The BlackBerry smartphone and other devices and/or associated software are protected by copyright, international treaties, and various patents, including one or more of the following U.S. patents: 6,278,442; 6,271,605; 6,219,694; 6,075,470; 6,073,318; D445,428; D433,460; D416,256. Other patents are registered or pending in the U.S. and in various countries around the world. Visit www.rim.com/patents for a list of RIM (as hereinafter defined) patents. 
This documentation including all documentation incorporated by reference herein such as documentation provided or made available at www.blackberry.com/go/docs is provided or made accessible "AS IS" and "AS AVAILABLE" and without condition, endorsement, guarantee, representation, or warranty of any kind by Research In Motion Limited and its affiliated companies ("RIM") and RIM assumes no responsibility for any typographical, technical, or other inaccuracies, errors, or omissions in this documentation. In order to protect RIM proprietary and confidential information and/or trade secrets, this documentation may describe some aspects of RIM technology in generalized terms. RIM reserves the right to periodically change information that is contained in this documentation; however, RIM makes no commitment to provide any such changes, updates, enhancements, or other additions to this documentation to you in a timely manner or at all. This documentation might contain references to third-party sources of information, hardware or software, products or services including components and content such as content protected by copyright and/or third-party web sites (collectively the "Third Party Products and Services"). RIM does not control, and is not responsible for, any Third Party Products and Services including, without limitation the content, accuracy, copyright compliance, compatibility, performance, trustworthiness, legality, decency, links, or any other aspect of Third Party Products and Services. The inclusion of a reference to Third Party Products and Services in this documentation does not imply endorsement by RIM of the Third Party Products and Services or the third party in any way. 
EXCEPT TO THE EXTENT SPECIFICALLY PROHIBITED BY APPLICABLE LAW IN YOUR JURISDICTION, ALL CONDITIONS, ENDORSEMENTS, GUARANTEES, REPRESENTATIONS, OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, ANY CONDITIONS, ENDORSEMENTS, GUARANTEES, REPRESENTATIONS OR WARRANTIES OF DURABILITY, FITNESS FOR A PARTICULAR PURPOSE OR USE, MERCHANTABILITY, MERCHANTABLE QUALITY, NONINFRINGEMENT, SATISFACTORY QUALITY, OR TITLE, OR ARISING FROM A STATUTE OR CUSTOM OR A COURSE OF DEALING OR USAGE OF TRADE, OR RELATED TO THE DOCUMENTATION OR ITS USE, OR PERFORMANCE OR NON-PERFORMANCE


OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES REFERENCED HEREIN, ARE HEREBY EXCLUDED. YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY BY STATE OR PROVINCE. SOME JURISDICTIONS MAY NOT ALLOW THE EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES AND CONDITIONS. TO THE EXTENT PERMITTED BY LAW, ANY IMPLIED WARRANTIES OR CONDITIONS RELATING TO THE DOCUMENTATION TO THE EXTENT THEY CANNOT BE EXCLUDED AS SET OUT ABOVE, BUT CAN BE LIMITED, ARE HEREBY LIMITED TO NINETY (90) DAYS FROM THE DATE YOU FIRST ACQUIRED THE DOCUMENTATION OR THE ITEM THAT IS THE SUBJECT OF THE CLAIM. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, IN NO EVENT SHALL RIM BE LIABLE FOR ANY TYPE OF DAMAGES RELATED TO THIS DOCUMENTATION OR ITS USE, OR PERFORMANCE OR NONPERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES REFERENCED HEREIN INCLUDING WITHOUT LIMITATION ANY OF THE FOLLOWING DAMAGES: DIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, INDIRECT, SPECIAL, PUNITIVE, OR AGGRAVATED DAMAGES, DAMAGES FOR LOSS OF PROFITS OR REVENUES, FAILURE TO REALIZE ANY EXPECTED SAVINGS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, LOSS OF BUSINESS OPPORTUNITY, OR CORRUPTION OR LOSS OF DATA, FAILURES TO TRANSMIT OR RECEIVE ANY DATA, PROBLEMS ASSOCIATED WITH ANY APPLICATIONS USED IN CONJUNCTION WITH RIM PRODUCTS OR SERVICES, DOWNTIME COSTS, LOSS OF THE USE OF RIM PRODUCTS OR SERVICES OR ANY PORTION THEREOF OR OF ANY AIRTIME SERVICES, COST OF SUBSTITUTE GOODS, COSTS OF COVER, FACILITIES OR SERVICES, COST OF CAPITAL, OR OTHER SIMILAR PECUNIARY LOSSES, WHETHER OR NOT SUCH DAMAGES WERE FORESEEN OR UNFORESEEN, AND EVEN IF RIM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, RIM SHALL HAVE NO OTHER OBLIGATION, DUTY, OR LIABILITY WHATSOEVER IN CONTRACT, TORT, OR OTHERWISE TO YOU INCLUDING ANY LIABILITY FOR NEGLIGENCE OR STRICT LIABILITY. 
THE LIMITATIONS, EXCLUSIONS, AND DISCLAIMERS HEREIN SHALL APPLY: (A) IRRESPECTIVE OF THE NATURE OF THE CAUSE OF ACTION, DEMAND, OR ACTION BY YOU INCLUDING BUT NOT LIMITED TO BREACH OF CONTRACT, NEGLIGENCE, TORT, STRICT LIABILITY OR ANY OTHER LEGAL THEORY AND SHALL SURVIVE A FUNDAMENTAL BREACH OR BREACHES OR THE FAILURE OF THE ESSENTIAL PURPOSE OF THIS AGREEMENT OR OF ANY REMEDY CONTAINED HEREIN; AND (B) TO RIM AND ITS AFFILIATED COMPANIES, THEIR SUCCESSORS, ASSIGNS, AGENTS, SUPPLIERS (INCLUDING AIRTIME SERVICE PROVIDERS), AUTHORIZED RIM DISTRIBUTORS (ALSO INCLUDING AIRTIME SERVICE PROVIDERS) AND THEIR RESPECTIVE DIRECTORS, EMPLOYEES, AND INDEPENDENT CONTRACTORS. IN ADDITION TO THE LIMITATIONS AND EXCLUSIONS SET OUT ABOVE, IN NO EVENT SHALL ANY DIRECTOR, EMPLOYEE, AGENT, DISTRIBUTOR, SUPPLIER, INDEPENDENT CONTRACTOR OF RIM OR ANY AFFILIATES OF RIM HAVE ANY LIABILITY ARISING FROM OR RELATED TO THE DOCUMENTATION. Prior to subscribing for, installing, or using any Third Party Products and Services, it is your responsibility to ensure that your airtime service provider has agreed to support all of their features. Some airtime service providers might not offer Internet browsing functionality with a subscription to the BlackBerry Internet Service. Check with your service provider for availability, roaming arrangements, service plans and features. Installation or use of Third Party Products and Services with RIM's products and services may require one or more patent, trademark, copyright, or other licenses in order to avoid infringement or violation of third party rights. You are solely responsible for determining whether to use Third Party Products and Services and if any third party licenses are required to do so. If required you are responsible for acquiring them. You should not install or use Third Party Products and Services until all necessary licenses have been acquired. 
Any Third Party Products and Services that are provided with RIM's products and services are provided as a convenience to you and are provided "AS IS" with no express or implied conditions, endorsements, guarantees, representations, or warranties of any kind by RIM and RIM assumes no liability whatsoever, in relation


thereto. Your use of Third Party Products and Services shall be governed by and subject to you agreeing to the terms of separate licenses and other agreements applicable thereto with third parties, except to the extent expressly covered by a license or other agreement with RIM. Certain features outlined in this documentation require a minimum version of BlackBerry Enterprise Server, BlackBerry Desktop Software, and/or BlackBerry Device Software. The terms of use of any RIM product or service are set out in a separate license or other agreement with RIM applicable thereto. NOTHING IN THIS DOCUMENTATION IS INTENDED TO SUPERSEDE ANY EXPRESS WRITTEN AGREEMENTS OR WARRANTIES PROVIDED BY RIM FOR PORTIONS OF ANY RIM PRODUCT OR SERVICE OTHER THAN THIS DOCUMENTATION. Research In Motion Limited 295 Phillip Street Waterloo, ON N2L 3W8 Canada Research In Motion UK Limited Centrum House 36 Station Road Egham, Surrey TW20 9LF United Kingdom Published in Canada
