Loading...Blackberry SWD-20120924140022907 User Manual
BlackBerry Enterprise Server for Microsoft Exchange
Version: 5.0
Service Pack: 3
Administration Guide
Published: 2012-09-24
SWD-20120924140022907
Contents |
|
|
1 |
Overview: BlackBerry Enterprise Server ......................................................................................... |
21 |
|
Document revision history ................................................................................................................................................ |
21 |
|
Getting started in your BlackBerry Enterprise Server environment ..................................................................................... |
22 |
2 |
Log in to the BlackBerry Administration Service for the first time .................................................... |
26 |
|
There is a problem with this website's security certificate .................................................................................................. |
26 |
|
This connection is untrusted ............................................................................................................................................. |
27 |
3 |
Creating administrator accounts .................................................................................................... |
29 |
|
Administrative roles and permissions ................................................................................................................................ |
29 |
|
Preconfigured administrative roles ............................................................................................................................. |
29 |
|
Creating roles ................................................................................................................................................................... |
34 |
|
Create a role .............................................................................................................................................................. |
34 |
|
Create a role based on an existing role ........................................................................................................................ |
35 |
|
Create an administrator account ....................................................................................................................................... |
35 |
|
Add an administrator account to a group .......................................................................................................................... |
36 |
|
Specify an email address for the BlackBerry Administration Service .................................................................................. |
37 |
|
Permit an administrator to log in to the BlackBerry Administration Service using a messaging server account .................... |
37 |
|
Assign a BlackBerry device to an administrator account .................................................................................................... |
38 |
4 |
Using an IT policy to manage BlackBerry Enterprise Solution security ............................................ |
39 |
|
Using IT policy rules to manage BlackBerry Enterprise Solution security ............................................................................ |
39 |
|
Preconfigured IT policies .................................................................................................................................................. |
40 |
|
Default values for preconfigured IT policies ................................................................................................................ |
41 |
|
Creating and importing IT policies ..................................................................................................................................... |
44 |
|
Create an IT policy ..................................................................................................................................................... |
44 |
|
Create an IT policy based on an existing IT policy ........................................................................................................ |
45 |
|
Import IT policy data .................................................................................................................................................. |
45 |
|
Import IT policy rules from an IT policy pack ............................................................................................................... |
46 |
|
Change the value for an IT policy rule ................................................................................................................................ |
46 |
|
Assign an IT policy to a group ............................................................................................................................................ |
47 |
|
Assign an IT policy to a user account ................................................................................................................................. |
47 |
|
Sending an IT policy over the wireless network .................................................................................................................. |
48 |
|
Resend an IT policy to a BlackBerry device manually .................................................................................................. |
48 |
|
Resend an IT policy to a BlackBerry device automatically ........................................................................................... |
48 |
|
Assigning IT policies and resolving IT policy conflicts ......................................................................................................... |
49 |
|
Option 1: Applying one IT policy to each user account ................................................................................................ |
50 |
|
Option 2: Applying multiple IT policies to each user account ....................................................................................... |
51 |
|
View the resolved IT policy rules that are assigned to a user account ........................................................................... |
54 |
|
Deactivating BlackBerry devices that do not have IT policies applied ................................................................................. |
54 |
|
Deactivate BlackBerry devices that do not have IT policies applied ............................................................................. |
55 |
|
Creating new IT policy rules to control third-party applications ........................................................................................... |
55 |
|
Create an IT policy rule for a third-party application .................................................................................................... |
55 |
|
Change or delete IT policy rules for third-party applications ........................................................................................ |
56 |
|
Export all IT policy data to a data file ................................................................................................................................. |
56 |
|
Delete an IT policy ............................................................................................................................................................ |
57 |
5 |
Configuring security options .......................................................................................................... |
58 |
|
Encrypting data that the BlackBerry Enterprise Server and a BlackBerry device send to each other ................................... |
58 |
|
Algorithms that the BlackBerry Enterprise Solution uses to encrypt data ..................................................................... |
58 |
|
Change the symmetric key encryption algorithm that the BlackBerry Enterprise Solution uses .................................... |
59 |
|
Managing device access to the BlackBerry Enterprise Server ............................................................................................ |
59 |
|
Turn on the Enterprise Service Policy ......................................................................................................................... |
60 |
|
Configure the Enterprise Service Policy ...................................................................................................................... |
60 |
|
Permit a user to override the Enterprise Service Policy ................................................................................................ |
61 |
|
Extending messaging security to a BlackBerry device ........................................................................................................ |
61 |
|
Extending messaging security using PGP encryption .................................................................................................. |
61 |
|
Extending messaging security using S/MIME encryption ............................................................................................. |
62 |
|
Enforcing secure messaging using classifications .............................................................................................................. |
65 |
|
Create a message classification ................................................................................................................................. |
65 |
|
Create a message classification based on an existing message classification .............................................................. |
66 |
|
Order message classifications .................................................................................................................................... |
66 |
|
Delete a message classification .................................................................................................................................. |
67 |
|
Generating organization-specific encryption keys for PIN-message encryption .................................................................. |
67 |
|
Generate a PIN encryption key ................................................................................................................................... |
67 |
|
Turn off BlackBerry services that the BlackBerry MDS Connection Service, BlackBerry Collaboration Service, and |
|
|
BlackBerry MVS provide ................................................................................................................................................... |
68 |
|
When a BlackBerry device overwrites data in the BlackBerry device memory ..................................................................... |
68 |
|
Changing when a BlackBerry device cleans the BlackBerry device memory ................................................................ |
69 |
|
Best practice: Configuring additional memory cleaner settings for BlackBerry devices ................................................ |
70 |
6 |
Configuring the BlackBerry Enterprise Server environment ............................................................ |
71 |
|
Best practice: Running the BlackBerry Enterprise Server .................................................................................................. |
71 |
|
Configuring certain BlackBerry Enterprise Server components to use proxy servers ........................................................... |
72 |
|
Configure a BlackBerry Enterprise Server component to use a .pac file ....................................................................... |
72 |
|
Configure a BlackBerry Enterprise Server component to use a proxy server ................................................................. |
73 |
|
Configure a BlackBerry Enterprise Server component to authenticate to a proxy server on behalf of BlackBerry |
|
|
devices ...................................................................................................................................................................... |
74 |
|
Configuring the BlackBerry Administration Service to use a proxy server ............................................................................ |
74 |
|
Configuring proxy selection for the BlackBerry Administration Service ........................................................................ |
75 |
|
Configuring the BlackBerry Administration Service to authenticate with a proxy server ................................................ |
77 |
|
Configuring multiple BlackBerry Enterprise Server instances to use the same BlackBerry Enterprise Server component ..... |
79 |
|
Configure multiple BlackBerry Enterprise Server instances to use the same BlackBerry MDS Connection Service ........ |
79 |
|
Configure multiple BlackBerry Enterprise Server instances to use the same BlackBerry Collaboration Service ............. |
80 |
|
Configuring support for Unicode languages ....................................................................................................................... |
80 |
|
Configure support for Unicode languages ................................................................................................................... |
80 |
|
Change the character encoding that the BlackBerry Enterprise Server uses to send Unicode messages ...................... |
81 |
|
Configure support for Unicode text in calendars on BlackBerry devices in a Microsoft Exchange environment ............. |
82 |
7 |
Configuring user accounts ............................................................................................................. |
84 |
|
Creating user groups ........................................................................................................................................................ |
84 |
|
Create a group to manage similar user accounts ......................................................................................................... |
84 |
|
Add user accounts to a group ..................................................................................................................................... |
84 |
|
Adding a user account to the BlackBerry Enterprise Server ............................................................................................... |
85 |
|
Add a user account .................................................................................................................................................... |
85 |
|
Create a user account that is not in the contact list in the BlackBerry Configuration Database ..................................... |
86 |
|
Export a list of user accounts ...................................................................................................................................... |
87 |
|
Importing a list of user accounts to a BlackBerry Enterprise Server ............................................................................. |
87 |
8 |
Assigning BlackBerry devices to users ........................................................................................... |
91 |
|
Preparing to distribute a BlackBerry device ....................................................................................................................... |
91 |
|
Change how the BlackBerry Enterprise Server downloads a user's existing email messages onto the BlackBerry |
|
|
device ....................................................................................................................................................................... |
91 |
|
Prevent the BlackBerry Enterprise Server from synchronizing existing email messages onto a BlackBerry device ........ |
92 |
|
Assigning BlackBerry devices to user accounts ................................................................................................................. |
92 |
|
Option 1: Activate a BlackBerry device using the BlackBerry Administration Service ................................................... |
93 |
|
Option 2: Activating a BlackBerry device over the wireless network ............................................................................. |
94 |
|
Option 3: Activating BlackBerry devices over the LAN ................................................................................................. |
97 |
|
Option 4: Activating BlackBerry devices using the BlackBerry Web Desktop Manager ................................................. |
98 |
|
Option 5: Activating BlackBerry devices over an enterprise Wi-Fi network ................................................................... |
98 |
9 |
Configuring BlackBerry Enterprise Server high availability ............................................................ |
101 |
|
Check the health of a BlackBerry Enterprise Server ......................................................................................................... |
101 |
|
Availability state and failover status of the BlackBerry Enterprise Server ................................................................... |
101 |
|
How the BlackBerry Enterprise Server uses health parameters ........................................................................................ |
102 |
|
Defining when failover occurs .................................................................................................................................. |
102 |
|
Changing the promotion threshold and failover threshold ................................................................................................ |
104 |
|
Change the promotion threshold and failover threshold and the order of the health parameters ................................ |
104 |
|
Changing when automatic failover occurs by customizing the health parameters for user accounts and messaging |
|
|
servers .................................................................................................................................................................... |
106 |
|
Prerequisites: Configuring the BlackBerry Enterprise Server pair to fail over automatically ............................................... |
108 |
|
Configure the BlackBerry Enterprise Server to fail over automatically ............................................................................... |
108 |
|
Monitoring the BlackBerry Enterprise Server for an automatic failover event .................................................................... |
109 |
|
Use the BlackBerry Administration Service to find the time and reason for the last automatic failover event ............... |
109 |
|
Fail over the BlackBerry Enterprise Server manually using the BlackBerry Administration Service .................................... |
109 |
|
Fail over the BlackBerry Enterprise Server manually using the BlackBerry Configuration Panel ........................................ |
110 |
10 |
Configuring high availability for BlackBerry Enterprise Server components ................................... |
111 |
|
Creating a BlackBerry MDS Connection Service pool for high availability .......................................................................... |
111 |
|
Create a BlackBerry MDS Connection Service pool for high availability ...................................................................... |
111 |
|
Configure the BlackBerry MDS Connection Service and BlackBerry Collaboration Service to fail over automatically .......... |
112 |
|
Create a BlackBerry Collaboration Service pool for high availability .................................................................................. |
113 |
|
Create a BlackBerry Attachment Service pool for high availability .................................................................................... |
114 |
|
You cannot determine the BlackBerry Attachment Connector that the BlackBerry Enterprise Server or the |
|
|
BlackBerry MDS Connection Service uses ................................................................................................................ |
115 |
|
Create a BlackBerry Router pool for high availability ........................................................................................................ |
116 |
|
Permit a BlackBerry Enterprise Server to connect to a remote BlackBerry Router ..................................................... |
117 |
|
Creating a BlackBerry Administration Service pool that includes the BlackBerry Web Desktop Manager using DNS |
|
|
round robin .................................................................................................................................................................... |
118 |
|
Configure the BlackBerry Administration Service instances in a pool to communicate across network subnets .......... |
119 |
|
Changing the name of the BlackBerry Administration Service pool .................................................................................. |
119 |
|
Change the name of the BlackBerry Administration Service pool .............................................................................. |
120 |
|
Fail over the BlackBerry MDS Connection Service or BlackBerry Collaboration Service manually ..................................... |
120 |
|
Monitoring the high availability status or job deployment status using the BlackBerry Administration Service ................... |
121 |
|
Monitor the high availability status or job deployment status using the BlackBerry Administration Service ................. |
122 |
|
Remove a BlackBerry MDS Connection Service instance from a pool ............................................................................... |
122 |
|
Remove a BlackBerry Collaboration Service instance from a pool .................................................................................... |
123 |
|
Remove a BlackBerry Attachment Service instance from a pool ...................................................................................... |
123 |
|
Remove a BlackBerry Router instance from a pool .......................................................................................................... |
124 |
11 |
Configuring BlackBerry Configuration Database high availability .................................................. |
125 |
|
Prerequisites: Configuring database mirroring or database replication of the BlackBerry Configuration Database ............. |
125 |
|
Configuring database mirroring ....................................................................................................................................... |
126 |
|
Stop the BlackBerry Enterprise Server instances ...................................................................................................... |
126 |
|
Configure database mirroring for the BlackBerry Configuration Database ................................................................. |
127 |
|
Start the BlackBerry Enterprise Server instances ...................................................................................................... |
127 |
|
Configure the BlackBerry Enterprise Solution to support database mirroring ............................................................. |
128 |
|
Resend the database mirroring parameters to BlackBerry Enterprise Server components ......................................... |
129 |
|
Configuring the BlackBerry Configuration Database for one-way transactional replication in an environment that |
|
|
includes Microsoft SQL Server 2005 or 2008 ................................................................................................................... |
130 |
|
Stop the BlackBerry Enterprise Server instances ...................................................................................................... |
130 |
|
Create the replicated BlackBerry Configuration Database from a backup .................................................................. |
130 |
|
Permit access to the BlackBerry Configuration Database instances .......................................................................... |
131 |
|
Configure the publication for the BlackBerry Configuration Database ....................................................................... |
131 |
|
Increase the maximum data size for transactional replication ................................................................................... |
132 |
|
Prepare the database server that hosts the replicated BlackBerry Configuration Database and configure the |
|
|
subscription ............................................................................................................................................................ |
133 |
|
Start the BlackBerry Enterprise Server instances ...................................................................................................... |
134 |
|
Reacting if the BlackBerry Configuration Database that you configured for transactional replication stops responding ..... |
134 |
|
Return to the BlackBerry Configuration Database when you configured transactional replication ..................................... |
135 |
|
Configuring a new mirror BlackBerry Configuration Database .......................................................................................... |
135 |
12 |
Sending software and BlackBerry Java Applications to BlackBerry devices ................................... |
136 |
|
Managing BlackBerry Java Applications and BlackBerry Device Software ........................................................................ |
136 |
|
Developing BlackBerry Java Applications for BlackBerry devices ..................................................................................... |
137 |
|
Preparing to distribute BlackBerry Java Applications ....................................................................................................... |
137 |
|
Specify a shared network folder for BlackBerry Java Applications ............................................................................. |
138 |
|
Add a BlackBerry Java Application to the application repository ............................................................................... |
139 |
|
Add a collaboration client to the application repository ............................................................................................. |
139 |
|
Specify keywords for a BlackBerry Java Application .................................................................................................. |
140 |
|
Configuring application control policies ........................................................................................................................... |
140 |
|
Standard application control policies ....................................................................................................................... |
140 |
|
Change a standard application control policy ........................................................................................................... |
141 |
|
Create custom application control policies for a BlackBerry Java Application ............................................................ |
141 |
|
IT policy rules take precedence on smartphones ...................................................................................................... |
143 |
|
Application control policies for unlisted applications ....................................................................................................... |
143 |
|
Change the standard application control policy for unlisted applications that are optional ......................................... |
143 |
|
Create an application control policy for unlisted applications .................................................................................... |
144 |
|
Configure the priority of application control policies for unlisted applications ............................................................ |
144 |
|
Creating software configurations ..................................................................................................................................... |
145 |
|
Create a software configuration ................................................................................................................................ |
146 |
|
Add a BlackBerry Java Application to a software configuration ................................................................................. |
146 |
|
Assign a software configuration to a group ................................................................................................................ |
147 |
|
Assign a software configuration to multiple user accounts ........................................................................................ |
148 |
|
Assign a software configuration to a user account ..................................................................................................... |
148 |
|
Install BlackBerry Java Applications on a BlackBerry device at a central computer .......................................................... |
149 |
|
View the status of a job ................................................................................................................................................... |
150 |
|
View the status of a task ........................................................................................................................................... |
150 |
|
Stopping a job that is running .......................................................................................................................................... |
158 |
|
Stop a job that is running ......................................................................................................................................... |
159 |
|
View the users that have a BlackBerry Java Application installed on their BlackBerry devices .......................................... |
159 |
|
View how the BlackBerry Administration Service resolved software configuration conflicts for a user account ................... |
160 |
|
Reconciliation rules for conflicting settings in software configurations ............................................................................. |
161 |
|
Reconciliation rules: BlackBerry Java Applications ................................................................................................... |
162 |
|
Reconciliation rules: BlackBerry Device Software ..................................................................................................... |
164 |
|
Reconciliation rules: Standard application settings ................................................................................................... |
165 |
|
Reconciliation rules: Application control policies ...................................................................................................... |
166 |
|
Reconciliation rules: Application control policies for unlisted applications ................................................................. |
166 |
13 |
Alternative methods for installing BlackBerry Java Applications on BlackBerry devices ................ |
168 |
|
Installing BlackBerry Java Applications on BlackBerry devices without using the BlackBerry Administration Service ........ |
168 |
|
Developing BlackBerry Java Applications for BlackBerry devices ..................................................................................... |
168 |
|
Methods you can use to install BlackBerry Java Applications on BlackBerry devices ........................................................ |
169 |
|
Installing BlackBerry Java Applications using the BlackBerry Desktop Software ............................................................... |
170 |
|
Prerequisites: Installing BlackBerry Java Applications using the BlackBerry Desktop Software .................................. |
170 |
|
Make the BlackBerry Java Application available to the BlackBerry Desktop Software ................................................ |
171 |
|
Install the BlackBerry Java Application using the BlackBerry Desktop Software ........................................................ |
171 |
|
Installing BlackBerry Java Applications using the BlackBerry Application Web Loader ..................................................... |
172 |
|
Prerequisites: Installing BlackBerry Java Applications using the BlackBerry Application Web Loader ........................ |
172 |
|
Enable the BlackBerry Application Web Loader on a web server ............................................................................... |
173 |
|
Install the BlackBerry Java Application using the BlackBerry Application Web Loader ............................................... |
174 |
|
Installing BlackBerry Java Applications using the standalone application loader tool ........................................................ |
174 |
|
Prerequisites: Installing BlackBerry Java Applications using the standalone application loader tool ........................... |
175 |
|
Add BlackBerry Java Application files to a shared network folder .............................................................................. |
176 |
|
Share the Research In Motion folder that contains the BlackBerry Java Application .................................................. |
176 |
|
Configure the standalone application loader tool to install the BlackBerry Java Application in automated mode ......... |
177 |
|
Install the BlackBerry Java Application using the standalone application loader tool ................................................. |
177 |
|
Installing BlackBerry Java Applications using a web browser on BlackBerry devices ........................................................ |
178 |
|
Prerequisites: Installing BlackBerry Java Applications using a web browser on BlackBerry devices ............................ |
178 |
|
Install the BlackBerry Java Application on a web server ............................................................................................ |
179 |
|
Install the BlackBerry Java Application using a web browser on the BlackBerry device .............................................. |
179 |
14 |
Configuring how users access enterprise applications and web content ....................................... |
180 |
|
Specifying a BlackBerry MDS Connection Service as a central push server ...................................................................... |
180 |
|
Specify a BlackBerry MDS Connection Service as a central push server .................................................................... |
181 |
|
Configuring how BlackBerry devices authenticate to content servers ............................................................................... |
181 |
|
Configure how BlackBerry devices authenticate to content servers ........................................................................... |
181 |
|
Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that use |
|
|
NTLM ...................................................................................................................................................................... |
182 |
|
Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that use |
|
|
Kerberos ................................................................................................................................................................. |
183 |
|
Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that use |
|
|
LTPA ....................................................................................................................................................................... |
183 |
|
Configuring the BlackBerry MDS Connection Service to authenticate devices to the RSA Authentication Manager ..... |
184 |
|
Configuring how the BlackBerry MDS Connection Service manages requests for web content .......................................... |
186 |
|
Configure the BlackBerry MDS Connection Service to manage HTTP cookie storage ................................................. |
186 |
|
Configure the timeout limit for HTTP connections with BlackBerry devices ............................................................... |
187 |
|
Configure the timeout limit for HTTP connections with web servers ........................................................................... |
187 |
|
Configure the maximum number of times that the BlackBerry Browser accepts HTTP redirections ............................ |
188 |
|
Permitting push applications to make trusted connections to a BlackBerry MDS Connection Service ............................... |
188 |
|
Create a key store to store certificates for use with HTTPS connections ..................................................................... |
189 |
|
Add a certificate for the BlackBerry MDS Connection Service ................................................................................... |
189 |
|
Export the BlackBerry MDS Connection Service certificate to make it available to push applications ......................... |
190 |
|
Import the BlackBerry MDS Connection Service certificate to the key store of a push application .............................. |
190 |
|
Permit push applications to select the transport protocol for PAP requests ...................................................................... |
191 |
|
Configuring a BlackBerry MDS Connection Service to trust web servers ........................................................................... |
191 |
|
Specify whether the BlackBerry MDS Connection Service requires trusted HTTPS connections from web servers ...... |
192 |
|
Specify whether the BlackBerry MDS Connection Service requires trusted TLS connections from web servers ........... |
192 |
|
Configuring certificate server information for the BlackBerry MDS Connection Service .............................................. |
193 |
|
Add a retrieved certificate for a web server to the key store ....................................................................................... |
200 |
|
Permitting users to access intranet sites on BlackBerry devices using global login information ......................................... |
200 |
|
Configure global login information for intranet site access ......................................................................................... |
201 |
|
Configuring how the BlackBerry MDS Connection Service connects to BlackBerry devices .............................................. |
201 |
|
Specify the maximum amount of data that a BlackBerry MDS Connection Service can send to BlackBerry devices .... |
201 |
|
Specify the pending content timeout limit for a BlackBerry MDS Connection Service ................................................. |
202 |
|
Permit Java applications to use scalable socket connections with a BlackBerry MDS Connection Service .................. |
202 |
|
Specify the thread pool size of a BlackBerry MDS Connection Service ....................................................................... |
202 |
|
Specify the maximum number of scalable socket connections .................................................................................. |
203 |
|
Prevent the BlackBerry MDS Connection Service from using scalable HTTP ............................................................. |
203 |
|
Specify the port number that the web server listens on for push application requests ................................................ |
204 |
|
Specify how often a BlackBerry MDS Connection Service polls for configuration information ..................................... |
205 |
15 |
Setting up the messaging environment ........................................................................................ |
206 |
|
Creating email message filters ........................................................................................................................................ |
206 |
|
Create an email message filter that applies to all user accounts on a BlackBerry Enterprise Server ............................ |
206 |
|
Turn on an email message filter that applies to all user accounts on a BlackBerry Enterprise Server .......................... |
207 |
|
Create an email message filter that applies to a specific user account ....................................................................... |
207 |
|
Turn on an email message filter that applies to a specific user account ..................................................................... |
208 |
|
Copying existing email message filters to another BlackBerry Enterprise Server ............................................................... |
209 |
|
Export email message filters for a BlackBerry Enterprise Server ................................................................................ |
209 |
|
Import email message filters for a BlackBerry Enterprise Server ................................................................................ |
209 |
|
Copying existing email message filters to user accounts .................................................................................................. |
210 |
|
Export email message filters for a user account ........................................................................................................ |
210 |
|
Import email message filters for a user account ........................................................................................................ |
210 |
|
Extension plug-ins for processing messages .................................................................................................................... |
211 |
|
Install an extension plug-in application ..................................................................................................................... |
211 |
|
Add an extension plug-in to a BlackBerry Messaging Agent ...................................................................................... |
212 |
|
Change how a BlackBerry Messaging Agent uses extension plug-ins ......................................................................... |
213 |
|
Mapping contact information fields for synchronization and contact lookups ................................................................... |
214 |
|
Map a contact information field in an email application to contact list fields on BlackBerry devices ........................... |
214 |
|
Map a contact list field in an email application to a contact list field on a BlackBerry device ...................................... |
214 |
|
Map a contact information field in an email application to contact list fields on BlackBerry devices ........................... |
215 |
|
Map a contact list field in an email application to a contact list field on a BlackBerry device ...................................... |
215 |
16 |
Configuring BlackBerry devices to enroll certificates over the wireless network ............................. |
217 |
|
Configure the certificate information using IT policies ...................................................................................................... |
217 |
|
Configure the BlackBerry MDS Connection Service to connect to the certificate authority ................................................ |
218 |
|
Add communication information to a BlackBerry MDS Connection Service configuration set ..................................... |
219 |
|
Assign a BlackBerry MDS Connection Service configuration set to a BlackBerry MDS Connection Service instance ... |
220 |
|
Add certificate information to a Wi-Fi profile .................................................................................................................... |
221 |
|
Managing an enrolled certificate ..................................................................................................................................... |
221 |
|
Change the polling interval, logging, and pool size for the BlackBerry MDS Connection Service connection to the |
|
|
certificate authority ........................................................................................................................................................ |
222 |
|
Properties in the rimpublic.properties file ................................................................................................................. |
223 |
17 |
Making the BlackBerry Web Desktop Manager available to users ................................................. |
224 |
|
Installing the client components of the BlackBerry Web Desktop Manager on users' computers ....................................... |
224 |
|
Publish the client files for the BlackBerry Web Desktop Manager in a Windows GPO for Windows XP ................................ |
225 |
|
Publish the client files for the BlackBerry Web Desktop Manager in a Windows GPO for Windows Vista ............................. |
226 |
|
Configure the Microsoft ActiveX Installer on Windows Vista ....................................................................................... |
227 |
|
Configure users' computers to install the client file for the BlackBerry Web Desktop Manager automatically .................... |
227 |
|
Make the BlackBerry Web Desktop Manager available to users ....................................................................................... |
229 |
18 |
Configuring the BlackBerry Web Desktop Manager ...................................................................... |
230 |
|
Permit users to perform administrative tasks using the BlackBerry Web Desktop Manager ............................................... |
230 |
|
Permit users to activate devices using the BlackBerry Web Desktop Manager .................................................................. |
231 |
|
Permit users to back up and restore data using the BlackBerry Web Desktop Manager .................................................... |
231 |
|
Configure the domains for backing up data using the BlackBerry Web Desktop Manager ................................................. |
232 |
|
Change the text colors in the BlackBerry Web Desktop Manager ..................................................................................... |
232 |
|
BlackBerry Web Desktop Manager text colors .......................................................................................................... |
233 |
|
Display a custom image in the BlackBerry Web Desktop Manager ................................................................................... |
234 |
|
Display the domain name on the login page of the BlackBerry Web Desktop Manager ...................................................... |
234 |
19 |
Creating and configuring Wi-Fi profiles and VPN profiles .............................................................. |
235 |
|
Creating and configuring Wi-Fi profiles ............................................................................................................................ |
235 |
|
Prerequisites: Creating Wi-Fi profiles and VPN profiles ............................................................................................. |
235 |
|
Create a Wi-Fi profile ............................................................................................................................................... |
237 |
|
Create a Wi-Fi profile based on an existing Wi-Fi profile ............................................................................................ |
237 |
|
Configure a Wi-Fi profile on a BlackBerry device ....................................................................................................... |
238 |
|
Assign a Wi-Fi profile to a group ............................................................................................................................... |
238 |
|
Assign a Wi-Fi profile to a user account .................................................................................................................... |
238 |
|
Configure a Wi-Fi profile ........................................................................................................................................... |
239 |
|
Creating and configuring VPN profiles ............................................................................................................................. |
239 |
|
Create a VPN profile ................................................................................................................................................ |
240 |
|
Create a VPN profile based on an existing VPN profile ............................................................................................... |
240 |
|
Configure a VPN profile ............................................................................................................................................ |
240 |
|
Assign a VPN profile to a group ................................................................................................................................ |
241 |
|
Assign a VPN profile to a user account ..................................................................................................................... |
241 |
|
Associate a VPN profile with a Wi-Fi profile ............................................................................................................... |
242 |
|
Delete a Wi-Fi profile ...................................................................................................................................................... |
242 |
|
Delete a VPN profile ....................................................................................................................................................... |
243 |
|
Importing profile information from a .csv file .................................................................................................................... |
243 |
|
Best practices: Creating a .csv file that contains profile information that you want to import ...................................... |
243 |
|
Create a .csv file that contains profile information that you want to import ................................................................. |
244 |
|
Import profile information from a .csv file .................................................................................................................. |
246 |
20 |
Configuring encryption and authentication methods for Wi-Fi enabled BlackBerry devices ........... |
247 |
|
Configuring WEP encryption ........................................................................................................................................... |
247 |
|
Configure WEP keys for BlackBerry devices using a Wi-Fi profile ............................................................................... |
247 |
|
Configuring PSK encryption ............................................................................................................................................ |
248 |
|
Configure PSK encryption data for BlackBerry devices using a Wi-Fi profile ............................................................... |
249 |
|
Configuring LEAP authentication .................................................................................................................................... |
249 |
|
Configure LEAP authentication data for BlackBerry devices using a Wi-Fi profile ....................................................... |
250 |
|
Configuring PEAP authentication .................................................................................................................................... |
250 |
|
Configure PEAP authentication data for BlackBerry devices using a Wi-Fi profile ....................................................... |
251 |
|
Prerequisites: Distributing a certificate using the BlackBerry Desktop Manager ........................................................ |
252 |
|
Distribute a certificate using the BlackBerry Desktop Manager ................................................................................. |
252 |
|
Configure PEAP configuration settings in the Wi-Fi profile on a BlackBerry device ..................................................... |
253 |
|
Configuring EAP-TLS authentication ............................................................................................................................... |
254 |
|
Configure EAP-TLS authentication data for BlackBerry devices using a Wi-Fi profile .................................................. |
255 |
|
Configure EAP-TLS configuration settings in the Wi-Fi profile on a BlackBerry device ................................................ |
256 |
|
Configuring EAP-TTLS authentication ............................................................................................................................. |
256 |
|
Configure EAP-TTLS authentication data for BlackBerry devices using a Wi-Fi profile ................................................ |
257 |
|
Configure EAP-TTLS configuration settings in the Wi-Fi profile on a BlackBerry device .............................................. |
258 |
|
Configuring EAP-FAST authentication ............................................................................................................................. |
259 |
|
Configure EAP-FAST authentication ......................................................................................................................... |
259 |
|
Send EAP-FAST authentication data to a BlackBerry device using a Wi-Fi profile ...................................................... |
260 |
|
Configure EAP-FAST configuration settings in the Wi-Fi profile on BlackBerry devices ............................................... |
261 |
21 |
Configuring software tokens for BlackBerry devices ..................................................................... |
262 |
|
Prerequisites: Configuring BlackBerry devices for RSA authentication ............................................................................. |
262 |
|
Configure BlackBerry devices for RSA authentication ...................................................................................................... |
263 |
|
Configure RSA authentication over a Wi-Fi network using a software token ...................................................................... |
264 |
|
Configure RSA authentication over a VPN network using a software token ....................................................................... |
264 |
|
Assign software tokens to a user account ........................................................................................................................ |
265 |
22 |
Changing the security settings of the BlackBerry Administration Service and BlackBerry Web |
|
|
Desktop Manager ........................................................................................................................ |
266 |
|
Import a new SSL certificate for the BlackBerry Administration Service and BlackBerry Web Desktop Manager ................ |
266 |
|
Configuring Microsoft Active Directory authentication in an environment that includes a resource forest .......................... |
267 |
|
Change the information for Microsoft Active Directory authentication ....................................................................... |
268 |
|
Configuring single sign-on authentication for the BlackBerry Administration Service and BlackBerry Web Desktop |
|
|
Manager ........................................................................................................................................................................ |
269 |
|
Configure constrained delegation for the Microsoft Active Directory account to support single sign-on |
|
|
authentication ......................................................................................................................................................... |
270 |
|
Turn on single sign-on authentication for the BlackBerry Administration Service ....................................................... |
270 |
|
BlackBerry Administration Service web addresses and BlackBerry Web Desktop Manager web addresses that |
|
|
support BlackBerry Administration Service single sign-on ......................................................................................... |
271 |
|
Changing password settings for BlackBerry Administration Service authentication .......................................................... |
272 |
|
Change password settings for BlackBerry Administration Service authentication ...................................................... |
272 |
|
Regenerate the system credentials for the BlackBerry Administration Service ................................................................. |
273 |
23 |
Protecting and redistributing devices ........................................................................................... |
274 |
|
Preparing a device for redistribution to a new user .......................................................................................................... |
274 |
|
Use the BlackBerry Administration Service to delete user data and assign the device to a new user ........................... |
274 |
|
Use the BlackBerry Administration Service to delete device data and disable the device before assigning the |
|
|
device to a new user ................................................................................................................................................ |
275 |
|
Deleting only work data from a device ............................................................................................................................. |
275 |
|
Delete only work data from a device ......................................................................................................................... |
277 |
|
Using IT administration commands to protect a lost or stolen device ............................................................................... |
278 |
|
Protect a stolen device ............................................................................................................................................. |
279 |
|
Protect a lost device ................................................................................................................................................ |
279 |
|
Protect a lost device that a user might not recover .................................................................................................... |
280 |
24 |
Managing administrator accounts ............................................................................................... |
282 |
|
Change role permissions ................................................................................................................................................ |
282 |
|
Change the roles for an administrator account ................................................................................................................ |
282 |
|
Delete a role ................................................................................................................................................................... |
283 |
|
Delete an administrator account ..................................................................................................................................... |
283 |
25 |
Managing groups and user accounts ........................................................................................... |
285 |
|
Managing groups ............................................................................................................................................................ |
285 |
|
Using default groups to manage user accounts and administrator accounts .............................................................. |
285 |
|
Remove a user account from a group ....................................................................................................................... |
286 |
|
Change the properties of a group ............................................................................................................................. |
287 |
|
Rename a group ...................................................................................................................................................... |
287 |
|
Delete a group ......................................................................................................................................................... |
287 |
|
Managing user accounts ................................................................................................................................................. |
288 |
|
Move a user account to a different group .................................................................................................................. |
288 |
|
Move a user account from one BlackBerry Enterprise Server to another .................................................................... |
289 |
|
Delete a user account from the BlackBerry Enterprise Server ................................................................................... |
289 |
|
Update a user account manually .............................................................................................................................. |
290 |
|
Add an administrator role to a user account ............................................................................................................. |
290 |
|
Update the contact list manually .............................................................................................................................. |
290 |
|
Resend service books to a BlackBerry device ........................................................................................................... |
291 |
26 |
Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device |
|
|
settings to BlackBerry devices ..................................................................................................... |
292 |
|
Managing the default distribution settings for jobs ........................................................................................................... |
292 |
|
Change default settings for a job schedule ............................................................................................................... |
292 |
|
Change how IT policies are sent to BlackBerry devices ............................................................................................. |
293 |
|
Change how to install, update, or remove BlackBerry Java Applications .................................................................... |
294 |
|
Change how to install or update the BlackBerry Device Software .............................................................................. |
296 |
|
Change how the BlackBerry Enterprise Server sends standard application settings to BlackBerry devices ................. |
297 |
|
Managing the distribution settings for a specific job ........................................................................................................ |
298 |
|
Specify the start time and priority for a job ................................................................................................................ |
299 |
|
Change how a job sends IT policies to BlackBerry devices ........................................................................................ |
299 |
|
Change how a job sends BlackBerry Java Applications to BlackBerry devices ........................................................... |
300 |
|
Change how a job sends the BlackBerry Device Software to BlackBerry devices ........................................................ |
302 |
|
Change how a job sends standard application settings to BlackBerry devices ........................................................... |
303 |
|
Managing BlackBerry Java Applications on BlackBerry devices ....................................................................................... |
304 |
|
Make a BlackBerry Java Application unavailable for installation ................................................................................ |
304 |
|
Remove a BlackBerry Java Application from BlackBerry devices over the wireless network ....................................... |
305 |
|
Managing software configurations .................................................................................................................................. |
306 |
|
Remove a software configuration from a group ......................................................................................................... |
306 |
|
Remove a software configuration from multiple user accounts .................................................................................. |
306 |
|
Remove a software configuration from a user account .............................................................................................. |
307 |
|
Delete a software configuration ................................................................................................................................ |
307 |
27 |
Managing how users access enterprise applications and web content .......................................... |
308 |
|
Restricting user access to content on web servers ........................................................................................................... |
308 |
|
Restrict requests for content on web servers from BlackBerry devices ...................................................................... |
308 |
|
Specify web address patterns .................................................................................................................................. |
309 |
|
Create a pull rule ..................................................................................................................................................... |
309 |
|
Restrict or permit web addresses and Intranet addresses using a pull rule ................................................................ |
310 |
|
Assign a pull rule to the members of a group ............................................................................................................ |
311 |
|
Assign a pull rule to user accounts ........................................................................................................................... |
311 |
|
Restricting user access to media content in the BlackBerry Browser ............................................................................... |
312 |
|
Prevent users from accessing specific media types .................................................................................................. |
312 |
|
Configure download limits for media content types ................................................................................................... |
312 |
|
Default download limits for media content types ....................................................................................................... |
313 |
|
Configuring Integrated Windows authentication so that users can access resources on your organization's network ......... |
314 |
|
Configuring the Microsoft Active Directory account to delegate access ..................................................................... |
315 |
|
Configuring the BlackBerry MDS Connection Service when the messaging server is located in a remote Microsoft |
|
|
Active Directory domain ........................................................................................................................................... |
317 |
|
Turn on Integrated Windows authentication so that users can access resources on your organization's network ........ |
318 |
|
Restricting the push application content that users can receive ....................................................................................... |
320 |
|
Restrict push applications from sending data to BlackBerry devices ......................................................................... |
320 |
|
Create push initiators for push applications .............................................................................................................. |
320 |
|
Turn on push authorization ...................................................................................................................................... |
321 |
|
Create a push rule ................................................................................................................................................... |
322 |
|
Assign push initiators to a push rule ......................................................................................................................... |
322 |
|
Assign a push rule to the members of a group ........................................................................................................... |
323 |
|
Assign a push rule to user accounts ......................................................................................................................... |
323 |
|
Encrypt push requests that push applications send to BlackBerry devices ................................................................ |
324 |
|
Managing push application requests ............................................................................................................................... |
324 |
|
Specify device ports for application-reliable push requests ....................................................................................... |
324 |
|
Store push application requests in the BlackBerry Configuration Database ............................................................... |
325 |
|
Configure the settings for storing push requests in the BlackBerry Configuration Database ....................................... |
326 |
|
Configure the maximum number of active connections that a BlackBerry MDS Connection Service can process ........ |
326 |
|
Configure the maximum number of queued connections that a BlackBerry MDS Connection Service can process ..... |
327 |
28 |
Managing organizer data synchronization .................................................................................... |
328 |
|
Managing the wireless backup and recovery of organizer data ......................................................................................... |
328 |
|
Turn off the wireless backup of organizer data for a user account .............................................................................. |
328 |
|
Delete organizer data for members of a user group from the BlackBerry Enterprise Server ........................................ |
329 |
|
Delete a user's organizer data from a BlackBerry Enterprise Server .......................................................................... |
329 |
|
Turning off organizer data synchronization ...................................................................................................................... |
329 |
|
Turn off organizer data synchronization for all user accounts that are associated with a BlackBerry Enterprise |
|
|
Server ..................................................................................................................................................................... |
330 |
|
Turn off organizer data synchronization for a specific user account ........................................................................... |
330 |
|
Changing how organizer data synchronizes ..................................................................................................................... |
331 |
|
Change the direction of organizer data synchronization for all user accounts on a BlackBerry Enterprise Server ........ |
331 |
|
Change the direction of organizer data synchronization for a specific user account ................................................... |
331 |
|
Change how the BlackBerry Administration Service resolves conflicts during organizer data synchronization for all |
|
|
user accounts on a BlackBerry Enterprise Server ...................................................................................................... |
332 |
|
Change how the BlackBerry Administration Service resolves conflicts during organizer data synchronization for a |
|
|
specific user account ............................................................................................................................................... |
332 |
|
Synchronizing contact pictures ....................................................................................................................................... |
333 |
|
Turn off synchronization of contact pictures for a user account ................................................................................. |
333 |
29 |
Managing your organization's messaging environment and attachment support ........................... |
335 |
Managing message forwarding ....................................................................................................................................... |
335 |
Forward email messages to a BlackBerry device when no filter rules apply ................................................................ |
335 |
Do not deliver email messages to a BlackBerry device when no filter rules apply ....................................................... |
336 |
Forward email messages from inbox subfolders to a BlackBerry device ..................................................................... |
336 |
Turn off email message forwarding to user accounts in a group ................................................................................. |
337 |
Turn off email message forwarding to a user account ................................................................................................ |
337 |
Turn off synchronization for email messages sent from a BlackBerry device .............................................................. |
338 |
Turn off email message forwarding when a user connects a BlackBerry device to a computer ................................... |
338 |
Managing the incoming message queue ......................................................................................................................... |
339 |
Delete email messages for user accounts from the incoming message queue ........................................................... |
339 |
Managing wireless message reconciliation ...................................................................................................................... |
340 |
Turn off wireless message reconciliation for a BlackBerry Enterprise Server .............................................................. |
340 |
Turn on reconciliation for email messages that are hard deleted ............................................................................... |
340 |
Managing access to remote message data ...................................................................................................................... |
341 |
Prevent a user from checking the availability of meeting participants on the BlackBerry device ................................. |
341 |
Prevent a user from searching for remote email messages using a device ................................................................. |
342 |
Managing email messages that contain HTML and rich content ...................................................................................... |
343 |
View whether a user turned on support for email messages that contain HTML and rich content for a BlackBerry |
|
device ..................................................................................................................................................................... |
343 |
Turn off support for rich text formatting and inline images in email messages for users on a BlackBerry Enterprise |
|
Server ..................................................................................................................................................................... |
344 |
Turn off support for rich text formatting and inline images in email messages using an IT policy rule .......................... |
345 |
Synchronizing folders on the BlackBerry device .............................................................................................................. |
346 |
Control which published public contact folders a user can synchronize to a BlackBerry device .................................. |
346 |
Control which personal contact subfolders a user can synchronize to a BlackBerry device ........................................ |
346 |
Control which personal mail folders a user can synchronize with a BlackBerry device ................................................ |
347 |
Configuring access to documents on remote file systems ................................................................................................ |
348 |
Configure the BlackBerry MDS Connection Service to communicate with a remote file system .................................. |
348 |
Add communication information to a BlackBerry MDS Connection Service configuration set ..................................... |
349 |
Assign a BlackBerry MDS Connection Service configuration set to a BlackBerry MDS Connection Service instance ... |
350 |
Managing signatures and disclaimers in email messages ................................................................................................ |
351 |
Add a signature to email messages that a user sends from a BlackBerry device ........................................................ |
351 |
Add a disclaimer to email messages that users send from BlackBerry devices .......................................................... |
352 |
Add a disclaimer to email messages that a user sends from a BlackBerry device ....................................................... |
352 |
Specify conflict rules for disclaimers ........................................................................................................................ |
353 |
Turn off disclaimers for email messages ................................................................................................................... |
353 |
Monitor email messages that users send from BlackBerry devices ................................................................................... |
354 |
Sending notification messages to users ........................................................................................................................... |
354 |
Send a notification message to all users in a BlackBerry Domain .............................................................................. |
355 |
Send a notification message to all users on a BlackBerry Enterprise Server ............................................................... |
355 |
Send a notification message to group members ........................................................................................................ |
355 |
Send a notification message to a user ....................................................................................................................... |
356 |
Change the size of the message state database ............................................................................................................... |
356 |
How the BlackBerry Attachment Connector communicates with BlackBerry Attachment Service instances ..................... |
357 |
|
Change how a BlackBerry Attachment Connector retries sending requests to a BlackBerry Attachment Service ........ |
357 |
|
Change how a BlackBerry Attachment Connector restores a lost connection to a BlackBerry Attachment Service ..... |
358 |
|
Attachment file formats that the BlackBerry Attachment Service supports ...................................................................... |
359 |
|
Limitations for supported attachment file formats ..................................................................................................... |
359 |
|
Changing how a BlackBerry Attachment Service converts attachments ........................................................................... |
361 |
|
Change how a BlackBerry Attachment Service converts attachments ....................................................................... |
361 |
|
Change the maximum file size for attachments that users can receive ...................................................................... |
363 |
|
Turn off support for an attachment file format for a BlackBerry Attachment Service ......................................................... |
364 |
|
Add support for an additional attachment file format to a BlackBerry Attachment Service ................................................ |
365 |
|
Changing how the BlackBerry Messaging Agent reconciles attachments to the messaging server .................................... |
366 |
|
Change the maximum file size for attachments that users can send .......................................................................... |
366 |
|
Prevent users from sending large attachments ......................................................................................................... |
367 |
|
Change the maximum file size of attachments that users can download .................................................................... |
367 |
30 |
Managing calendars .................................................................................................................... |
369 |
|
Configuring the BlackBerry Enterprise Server to use Microsoft Exchange Web Services or MAPI and CDO libraries ........... |
369 |
|
Prerequisites: Configuring the BlackBerry Enterprise Server to use Microsoft Exchange Web Services ....................... |
369 |
|
Turn off client throttling in Microsoft Exchange 2010 ................................................................................................ |
370 |
|
Configure the BlackBerry Enterprise Server to use Microsoft Exchange Web Services ................................................ |
370 |
|
Configure the BlackBerry Enterprise Server to use MAPI and CDO libraries ............................................................... |
371 |
|
Configure the BlackBerry Messaging Agent instances to use a web address for a specific Microsoft Autodiscover |
|
|
service .................................................................................................................................................................... |
372 |
|
Configure the BlackBerry Messaging Agent instances to use a specific web address for a client access server for |
|
|
Microsoft Exchange ................................................................................................................................................. |
373 |
|
Configuring the BlackBerry Messaging Agent instances to look up the user's status using only Microsoft Exchange |
|
|
Web Services ........................................................................................................................................................... |
374 |
|
Correcting calendar synchronization errors on devices .................................................................................................... |
375 |
|
Configuration levels using the BlackBerry Enterprise Trait Tool ................................................................................. |
375 |
|
Turn off corrective calendar synchronization ............................................................................................................ |
376 |
|
View the current settings for corrective calendar synchronization ............................................................................. |
377 |
|
Turn off automatic error correction in corrective calendar synchronization ................................................................ |
377 |
|
Configure the range of days to check for calendar synchronization errors .................................................................. |
378 |
|
Configure when corrective calendar synchronization runs ......................................................................................... |
379 |
|
Logging information for corrective calendar synchronization ..................................................................................... |
380 |
|
Delete a setting for corrective calendar synchronization ........................................................................................... |
381 |
|
Start corrective calendar synchronization manually for a user account ............................................................................ |
382 |
|
Improving the flow of email messages and calendar synchronization when the BlackBerry Enterprise Server runs on |
|
|
Windows Server 2008 ..................................................................................................................................................... |
382 |
|
Change how the BlackBerry Enterprise Server creates temporary MAPI profiles for the CalHelper application ........... |
383 |
31 |
Managing instant messaging ....................................................................................................... |
384 |
|
Installing a collaboration client on BlackBerry devices ..................................................................................................... |
384 |
|
Change the instant messaging server or pool that a BlackBerry Collaboration Service connects to .................................... |
385 |
|
Change the transport protocol for a Microsoft instant messaging environment ................................................................. |
385 |
|
Specify the Windows domain name for users who log in to a collaboration client .............................................................. |
386 |
|
Managing instant messaging sessions ............................................................................................................................. |
387 |
|
Specify the maximum number of instant messaging sessions that can be open at the same time ............................... |
387 |
|
Specify the inactivity timeout limit for instant messaging sessions ............................................................................. |
387 |
|
Managing instant messaging features ............................................................................................................................. |
388 |
|
Prevent users from sending specific file types to instant messaging contacts using the BlackBerry Client for IBM |
|
|
Lotus Sametime ....................................................................................................................................................... |
388 |
|
Specifying the maximum size of file types that users can send using the BlackBerry Client for IBM Lotus Sametime .. |
388 |
|
Prevent users from sending instant messaging conversations in email messages ...................................................... |
389 |
|
Prevent users from saving instant messaging conversations ..................................................................................... |
389 |
|
Hide the icon that appears on BlackBerry devices for mobile contacts ...................................................................... |
389 |
|
Make additional contact information and phone numbers available for the BlackBerry Client for IBM Lotus |
|
|
Sametime users ....................................................................................................................................................... |
390 |
32 |
Managing a BlackBerry Domain .................................................................................................. |
392 |
|
Restarting BlackBerry Enterprise Server components ..................................................................................................... |
392 |
|
Restart a BlackBerry Enterprise Server component using the BlackBerry Administration Service .............................. |
393 |
|
Restart a BlackBerry Enterprise Server component using Windows Services ............................................................. |
393 |
|
Best practice: Restarting more than one BlackBerry Administration Service instance ............................................... |
394 |
|
Using the BlackBerry Enterprise Trait Tool ...................................................................................................................... |
394 |
|
Use the BlackBerry Enterprise Trait Tool .................................................................................................................. |
394 |
|
BlackBerry Enterprise Trait Tool traits ............................................................................................................................. |
395 |
|
Permit the BlackBerry Messaging Agent to write statistics to Microsoft Exchange mailboxes ............................................ |
406 |
|
Managing BlackBerry CAL keys ...................................................................................................................................... |
407 |
|
Add or delete a BlackBerry CAL key ......................................................................................................................... |
407 |
|
Copy a BlackBerry CAL key to a text file .................................................................................................................... |
408 |
|
Configuring the BlackBerry Mail Store Service instance that updates the contact list ....................................................... |
408 |
|
Configure the BlackBerry Mail Store Service instance that updates the contact list ................................................... |
409 |
|
Configuring a Hosted BlackBerry services environment ................................................................................................... |
409 |
|
Configuring Hosted BlackBerry services when you permit your organization’s customers limited access to |
|
|
Microsoft Active Directory ........................................................................................................................................ |
410 |
|
Configure Hosted BlackBerry services when your organization’s customers have full control of their subtree in |
|
|
Microsoft Active Directory ........................................................................................................................................ |
411 |
|
Configuring the BlackBerry Enterprise Server to use LDAP to retrieve email addresses and organizer data ....................... |
412 |
|
Configure the BlackBerry Enterprise Server to connect to Microsoft Active Directory ................................................. |
413 |
|
Configure the BlackBerry Enterprise Server to retrieve email addresses and organizer data using LDAP .................... |
414 |
|
Prevent the BlackBerry Enterprise Server from retrieving contact information for specific users ................................ |
415 |
|
Restrict the location in Microsoft Active Directory that the BlackBerry Enterprise Server can retrieve email |
|
|
addresses and organizer data from .......................................................................................................................... |
416 |
|
Configuring BlackBerry Policy Service throttling .............................................................................................................. |
416 |
|
View the current settings for BlackBerry Policy Service throttling .............................................................................. |
417 |
|
Configuring BlackBerry Policy Service throttling for IT policies and service books ...................................................... |
417 |
|
Configuring BlackBerry Policy Service throttling for PIN encryption keys ................................................................... |
419 |
|
Configuring BlackBerry Policy Service throttling for application polling ..................................................................... |
419 |
|
Delete a BlackBerry Policy Service throttling setting ................................................................................................. |
420 |
|
Change the port number that BlackBerry Enterprise Server components use to connect to the BlackBerry |
|
|
Configuration Database .................................................................................................................................................. |
421 |
|
Change the port number that the syslog tools use to monitor BlackBerry Enterprise Server events ................................... |
422 |
33 |
BlackBerry Controller and BlackBerry Enterprise Server Component Monitoring .......................... |
423 |
|
How the BlackBerry Controller monitors the BlackBerry Enterprise Server components ................................................... |
423 |
|
Change how the BlackBerry Controller restarts the BlackBerry Messaging Agent ...................................................... |
423 |
|
Change how the BlackBerry Controller restarts a BlackBerry Enterprise Server service ............................................. |
426 |
|
BlackBerry Enterprise Server Alert Tool ........................................................................................................................... |
428 |
|
Configuring notifications using the BlackBerry Enterprise Server Alert Tool ............................................................... |
428 |
34 |
BlackBerry Enterprise Server log files .......................................................................................... |
431 |
|
Monitoring PIN messages, SMS text messages, and calls ................................................................................................ |
431 |
|
Change the default location for the log files for PIN messages, SMS text messages, and calls .................................... |
431 |
|
Log files for BlackBerry Enterprise Server components .................................................................................................... |
433 |
|
Changing the location where BlackBerry Enterprise Server components save log files ............................................... |
433 |
|
Changing how BlackBerry Enterprise Server components create log files .................................................................. |
434 |
|
Component identifiers for log files ............................................................................................................................ |
439 |
|
BlackBerry MDS Connection Service log files .................................................................................................................. |
440 |
|
Changing how the BlackBerry MDS Connection Service creates a log file .................................................................. |
440 |
|
Using BlackBerry MDS Connection Service log files to view information for proxied connections to BlackBerry |
|
|
devices .................................................................................................................................................................... |
444 |
|
BlackBerry Collaboration Service log files ........................................................................................................................ |
445 |
|
Change which activities the BlackBerry Collaboration Service writes to a log file ........................................................ |
445 |
35 |
BlackBerry Enterprise Solution connection types and port numbers ............................................. |
447 |
|
BlackBerry Administration Service connection types and port numbers ........................................................................... |
447 |
|
BlackBerry Attachment Service connection types and port numbers ............................................................................... |
449 |
|
BlackBerry Collaboration Service connection types and port numbers ............................................................................. |
450 |
|
BlackBerry Configuration Database connection types and port numbers ......................................................................... |
452 |
|
BlackBerry Controller connection types and port numbers .............................................................................................. |
453 |
|
BlackBerry Dispatcher connection types and port numbers ............................................................................................ |
454 |
|
BlackBerry Messaging Agent connection types and port numbers ................................................................................... |
456 |
|
BlackBerry MDS Connection Service connection types and port numbers ....................................................................... |
459 |
|
BlackBerry Monitoring Service connection types and port numbers ................................................................................. |
460 |
|
BlackBerry Policy Service connection types and port numbers ........................................................................................ |
461 |
|
BlackBerry Router connection types and port numbers ................................................................................................... |
462 |
|
BlackBerry Synchronization Service connection types and port numbers ......................................................................... |
464 |
|
CalHelper connection type and port number ................................................................................................................... |
465 |
|
IBM Lotus Sametime connection type and port number .................................................................................................. |
466 |
|
Microsoft Exchange connection types and port numbers ................................................................................................. |
466 |
|
Microsoft Office Live Communications Server 2005 connection types and port numbers .................................................. |
467 |
|
BlackBerry Client for use with Microsoft Office Live Communications Server 2005 connection types and port numbers .... |
467 |
|
Novell GroupWise Messenger connection type and port number ..................................................................................... |
468 |
|
SNMP agent connection types and port numbers ............................................................................................................ |
468 |
|
Syslog connection type and port number ........................................................................................................................ |
469 |
36 |
Troubleshooting .......................................................................................................................... |
470 |
|
Troubleshooting: Connecting to the BlackBerry Administration Service ........................................................................... |
470 |
|
The web browser displays an HTTP 404 or HTTP 504 error message when it tries to connect to a BlackBerry |
|
|
Administration Service instance ............................................................................................................................... |
470 |
|
Troubleshooting: BlackBerry Enterprise Server Performance ........................................................................................... |
471 |
|
A BlackBerry Enterprise Server that you installed remotely from the BlackBerry Configuration Database uses an |
|
|
unexpected amount of system resources and increases wireless network traffic ....................................................... |
471 |
|
Microsoft SQL Server uses a considerable amount of disk space ............................................................................... |
472 |
|
Troubleshooting: Setting up user accounts ...................................................................................................................... |
472 |
|
You cannot create a user account in the BlackBerry Administration Service .............................................................. |
472 |
|
You cannot find a new user account in the directory using the BlackBerry Administration Service ............................. |
473 |
|
Troubleshooting: Messaging ........................................................................................................................................... |
473 |
|
Messages are not delivered to BlackBerry devices .................................................................................................... |
473 |
|
Text does not appear correctly in Unicode email messages ...................................................................................... |
474 |
|
Troubleshooting: Instant messaging ................................................................................................................................ |
474 |
|
Users cannot view phone numbers for contacts in the BlackBerry Client for IBM Lotus Sametime ............................. |
474 |
|
A user did not accept a notification about an instant message on a computer and the notification disappeared ......... |
476 |
|
A user receives a 301 error when the user logs in to an instant messaging application on a BlackBerry device ........... |
476 |
|
Troubleshooting: BlackBerry Web Desktop Manager ....................................................................................................... |
477 |
|
Troubleshooting: Users cannot log in to the BlackBerry Web Desktop Manager ......................................................... |
477 |
|
Troubleshooting: Connections to the Wi-Fi network ......................................................................................................... |
478 |
|
A BlackBerry device cannot connect to a Wi-Fi network ............................................................................................ |
478 |
|
A BlackBerry device cannot open a VPN connection ................................................................................................ |
487 |
|
A BlackBerry device cannot connect to the mobile network using UMA or GAN ......................................................... |
488 |
|
Verify whether a BlackBerry device can resolve an IP address ................................................................................... |
489 |
|
Look up a computer name to resolve an IP address .................................................................................................. |
489 |
|
Troubleshooting: BlackBerry Administration Service pools .............................................................................................. |
490 |
|
BlackBerry Administration Service instances located in different network segments are not connecting to each |
|
|
other ....................................................................................................................................................................... |
490 |
|
Troubleshooting: BlackBerry Monitoring Service connections .......................................................................................... |
491 |
|
A user cannot log in to the BlackBerry Monitoring Service ......................................................................................... |
491 |
|
Troubleshooting: IT policies ............................................................................................................................................ |
492 |
|
I cannot find an IT policy rule in the BlackBerry Administration Service ..................................................................... |
492 |
37 |
Glossary ...................................................................................................................................... |
493 |
38 |
Legal notice ................................................................................................................................ |
498 |
Administration Guide |
Overview: BlackBerry Enterprise Server |
Overview: BlackBerry |
|
1 |
|
Enterprise Server |
|
|
The BlackBerry Enterprise Server is designed to be a secure, centralized link between an organization's wireless network, communications software, applications, and BlackBerry smartphones. The BlackBerry Enterprise Server integrates with your organization's existing infrastructure to provide smartphone users with mobile access to your organization's resources.
You can manage the BlackBerry Enterprise Server, smartphones, and user accounts using the BlackBerry Administration Service. You can access the BlackBerry Administration Service web application from any computer that can access the computer that hosts the BlackBerry Administration Service.
You can optionally install BlackBerry Mobile Fusion Studio in your organization's environment to provide a simplified administrative console for your organization's helpdesk administrators and an integrated view of the BlackBerry Enterprise Server and other MDM domains. For more information, visit http://www.blackberry.com/go/serverdocs to see the
BlackBerry Mobile Fusion Studio Feature and Technical Overview.
Document revision history
Date |
Description |
|
|
17 September 2012 |
Updated the following topics: |
|
• Create an administrator account |
|
• Permit users to perform administrative tasks using the BlackBerry Web |
|
Desktop Manager |
|
• Add a retrieved certificate for a web server to the key store |
|
• Changing password settings for BlackBerry Administration Service |
|
authentication |
|
• Permit a BlackBerry Enterprise Server to connect to a remote BlackBerry |
|
Router |
|
• Use the BlackBerry Administration Service to delete device data and disable |
|
the device before assigning the device to a new user |
|
|
21
Administration Guide Overview: BlackBerry Enterprise Server
Date |
Description |
|
|
14 September 2011 |
Updated the following topics: |
|
• Import IT policy data |
|
• Reconciliation rules for conflicting IT policies when you apply multiple IT |
|
policies to a user account |
|
• Reconciliation rules for conflicting IT policies when you apply one IT policy to |
|
the user account |
|
• Troubleshooting: IT policies |
|
• Mapping contact information fields for synchronization and contact lookups |
|
• Map a contact information field in an email application to a contact list field |
|
on BlackBerry devices |
|
• Permit users to create activation passwords using the BlackBerry Web |
|
Desktop Manager |
|
|
3 August 2011 |
Added the following topic: |
|
• Import IT policy rules from an IT policy pack |
|
|
14 June 2011 |
Updated the following topics: |
|
• Configuring a new mirror BlackBerry Configuration Database |
|
• Configure the certificate information using IT policies |
|
|
07 March 2011 |
Initial version |
|
|
Getting started in your BlackBerry Enterprise Server environment
The following table lists the tasks that administrators typically perform after installing a BlackBerry Enterprise Server, and the chapter or section in the BlackBerry Enterprise Server Administration Guide that contains the information required to complete the task. Some of the tasks might not be required in your organization's environment.
Task |
Chapter |
|
|
Create administrator accounts. |
Creating administrator accounts |
|
|
22
Administration Guide Overview: BlackBerry Enterprise Server
Task |
Chapter |
|
|
Review the default IT policies. If necessary, change existing |
Configuring security options |
IT policies or create new IT policies. |
• Section: Using an IT policy to manage BlackBerry |
|
|
|
Enterprise Solution security |
|
|
Add user accounts to the BlackBerry Enterprise Server. |
Configuring user accounts |
|
• Section: Adding a user account to the BlackBerry |
|
Enterprise Server |
|
|
Create groups. |
Configuring user accounts |
|
• Section: Creating groups |
|
|
Add user accounts to groups. |
Configuring user accounts |
|
• Section: Add a user account to a group |
|
|
Review the default distribution settings for IT policies. If |
Managing the delivery of BlackBerry Java Applications, |
necessary, change the default distribution settings. |
BlackBerry Device Software, and device settings to |
|
BlackBerry devices |
|
• Section: Change how IT policies are sent to BlackBerry |
|
devices |
|
|
Assign IT policies to groups or user accounts. |
Setting up security options |
|
• Section: Assign an IT policy to a group |
|
• Section: Assign an IT policy to a user account |
|
|
Assign BlackBerry devices to user accounts. |
Assigning BlackBerry devices to users |
|
|
If necessary, change the default messaging settings for your |
Setting up the messaging environment |
organization's environment. |
Managing your messaging environment and attachment |
|
|
|
support |
|
|
Prepare to distribute BlackBerry Java Applications. |
Sending software and BlackBerry Java Applications to |
|
BlackBerry devices |
|
• Section: Preparing to distribute BlackBerry Java |
|
Applications |
|
|
Review the default distribution settings for BlackBerry Java |
Managing the delivery of BlackBerry Java Applications, |
Applications. If necessary, change the default distribution |
BlackBerry Device Software, and device settings to |
settings. |
BlackBerry devices |
|
|
23
Administration Guide Overview: BlackBerry Enterprise Server
Task |
Chapter |
|
|
|
• Section: Change how to install, update, or remove |
|
BlackBerry Java Applications on BlackBerry devices |
|
|
Review the default application control policies and |
Sending software and BlackBerry Java Applications to |
application control policies for unlisted applications. If |
BlackBerry devices |
necessary, change the existing application control policies. |
• Section: Configuring application control policies |
|
|
|
• Section: Application control policies for unlisted |
|
applications |
|
|
Create software configurations for BlackBerry Java |
Sending software and BlackBerry Java Applications to |
Applications. |
BlackBerry devices |
|
• Section: Creating software configurations |
|
|
Assign software configurations for BlackBerry Java |
Sending software and BlackBerry Java Applications to |
Applications to groups, multiple user accounts, or individual |
BlackBerry devices |
user accounts. |
• Section: Assign a software configuration to a group |
|
|
|
• Section: Assign a software configuration to multiple user |
|
accounts |
|
• Section: Assign a software configuration to a user |
|
account |
|
|
Configure BlackBerry Enterprise Server high availability. |
Configuring BlackBerry Enterprise Server high availability |
|
|
Optional tasks |
|
|
|
Task |
Chapter |
|
|
Update BlackBerry Device Software on BlackBerry devices. |
Visit www.blackberry.com/go/serverdocs to see the |
|
BlackBerry Device Software Update Guide. |
|
|
Make the BlackBerry Web Desktop Manager available to |
Making the BlackBerry Web Desktop Manager available to |
users and configure the BlackBerry Web Desktop Manager. |
users |
|
Configuring the BlackBerry Web Desktop Manager |
|
|
Change the default settings for your instant messaging |
Managing instant messaging |
environment. |
|
|
|
Create and configure Wi-Fi and VPN profiles. |
Creating and configuring Wi-Fi profiles and VPN profiles |
|
|
Configure BlackBerry devices to enroll certificates. |
Configuring BlackBerry devices to enroll certificates |
|
|
24
Administration Guide Overview: BlackBerry Enterprise Server
Task |
Chapter |
|
|
|
|
Configure high availability for BlackBerry Enterprise Server |
Configuring BlackBerry Enterprise Server high availability |
|
components and for the BlackBerry Configuration |
Configuring BlackBerry Configuration Database high |
|
Database. |
||
availability |
||
|
||
|
|
|
Use the BlackBerry Monitoring Service to troubleshoot |
Visit www.blackberry.com/go/serverdocs to see the |
|
issues and monitor the health of a BlackBerry Enterprise |
BlackBerry Enterprise Server Monitoring Guide. |
|
Server. |
|
|
|
|
|
Change how the BlackBerry Enterprise Server creates log |
BlackBerry Enterprise Server log files |
|
files. |
|
|
|
|
25
Administration Guide |
Log in to the BlackBerry Administration Service for the first time |
Log in to the BlackBerry |
|
2 |
|
Administration Service for the |
|
|
|
first time |
|
To open the BlackBerry Administration Service, you can use a browser on any computer that has access to the computer that hosts the BlackBerry Administration Service.
Before you begin: To manage a BlackBerry device using the BlackBerry Administration Service while the BlackBerry device is connected to the computer, the browser must permit Microsoft ActiveX controls.
1.In the browser, type https://<server_name>/webconsole/app, where <server_name> is the name of the computer that hosts the BlackBerry Administration Service.
2.In the User name field, type admin.
3.In the Password field, type the password that you created during the installation process.
4.In the Log in using drop-down list, click BlackBerry Administration Service or Active Directory Authentication.
5.Click Log in.
Related information
Best practice: Running the BlackBerry Enterprise Server, 71
The web browser displays an HTTP 404 or HTTP 504 error message when it tries to connect to a BlackBerry Administration Service instance, 470
There is a problem with this website's security certificate
Description
The browser displays this error message when you try to navigate to the BlackBerry Administration Service using Windows Internet Explorer version 7 or later.
26
Administration Guide |
Log in to the BlackBerry Administration Service for the first time |
Possible solution
Add the web address for the BlackBerry Administration Service to the list of trusted web sites in Windows Internet Explorer, and install the certificate for the BlackBerry Administration Service in the certificate store of your computer.
1.In Windows Internet Explorer, navigate to the BlackBerry Administration Service console.
2.Click Continue to this website (not recommended).
3.On the Tools menu, click Internet Options.
4.On the Security tab, click Local Intranet.
5.Click Sites.
6.Click Add to add the console to the list of trusted web sites.
7.Click Close.
8.Click OK.
9.In the browser window, on the toolbar, click Certificate Error.
10.Click View certificates.
11.Click Install certificate. The Certificate Import Wizard opens.
12.Complete the instructions in the Certificate Import Wizard. If you are trying to log in to the BlackBerry Administration Service using a computer that runs Windows Vista, perform the following actions in the Certificate Import Wizard.
a In the Certificate Store dialog box, click Place all certificates in the following store. b Click Browse.
c Click Trusted Root Certification Authorities. d Click OK.
13.Close and reopen the browser.
This connection is untrusted
Description
The browser displays this error message when you try to navigate to the BlackBerry Administration Service or BlackBerry Monitoring Service using Mozilla Firefox 3.6.
Possible solution
Install the certificate for the BlackBerry Administration Service or BlackBerry Monitoring Service in the certificate store of your computer.
1. In Firefox, navigate to the BlackBerry Administration Service console or BlackBerry Monitoring Service console.
27
Administration Guide |
Log in to the BlackBerry Administration Service for the first time |
2.Click I Understand the Risks.
3.Click Add Exception.
4.Click Confirm Security Exception.
5.Close and reopen the browser.
28
Administration Guide |
Creating administrator accounts |
Creating administrator |
|
3 |
|
accounts |
|
|
Administrative roles and permissions
You create roles for administrator accounts or assign preconfigured roles to administrator accounts so that you can specify what tasks an administrator can perform on the BlackBerry Enterprise Server.
You can specify the actions that administrators can perform by changing the permission that you assign to administrative roles. Permissions specify the information that administrators can view and the tasks that they can perform using the BlackBerry Administration Service and BlackBerry Monitoring Service. Each action that you perform in the BlackBerry Administration Service is associated with a specific permission. You can specify the actions that administrators can perform by changing the permission that you assign to administrative roles. For more information about performing specific tasks that are associated with the permissions, see the BlackBerry Enterprise Server Administration Guide. Roles do not apply to tasks that an administrator can perform using the BlackBerry Configuration Panel.
You can assign multiple roles to administrator accounts. If you assign multiple roles to an administrator account, the administrator is assigned all the permissions that are turned on for each of the roles.
You can also assign roles to groups and add administrator accounts to groups. This allows you to specify administrative role permissions at a group level instead of at an individual level. If the group contains BlackBerry device users, the roles are also assigned to the users and the users become administrators.
Preconfigured administrative roles
The BlackBerry Enterprise Server installation process includes preconfigured administrative roles. You can use the preconfigured administrative roles in your organization's environment instead of creating customize administrative roles. Each preconfigured administrative role contains multiple permissions that are turned on. The preconfigured administrative roles make sure that users that do not have specific administrative permissions cannot escalate their permissions. For example, junior helpdesk administrators cannot escalate their roles to senior helpdesk administrator roles. You can configure additional permissions in the preconfigured administrative roles or turn off any of the permissions.
29
Administration Guide Creating administrator accounts
|
|
Enterprise |
Senior |
Junior |
Server only |
User only |
|
Permission name |
Security role |
Helpdesk |
Helpdesk |
||||
role |
role |
role |
|||||
|
|
role |
role |
||||
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
Create a group |
X |
X |
X |
|
|
X |
|
|
|
|
|
|
|
|
|
Delete a group |
X |
X |
|
|
|
X |
|
|
|
|
|
|
|
|
|
View a group (across Group) |
X |
X |
X |
X |
|
X |
|
|
|
|
|
|
|
|
|
Edit a group (across Group) |
X |
X |
X |
X |
|
X |
|
|
|
|
|
|
|
|
|
Create a user |
X |
X |
X |
|
|
X |
|
|
|
|
|
|
|
|
|
Delete a user |
X |
X |
X |
|
|
X |
|
|
|
|
|
|
|
|
|
View a user (across Group) |
X |
X |
X |
X |
|
X |
|
|
|
|
|
|
|
|
|
Edit a user (across Group) |
X |
X |
X |
X |
|
X |
|
|
|
|
|
|
|
|
|
View a device (across Group) |
X |
X |
X |
X |
|
X |
|
|
|
|
|
|
|
|
|
Edit a device (across Group) |
X |
X |
X |
X |
|
X |
|
|
|
|
|
|
|
|
|
View device activation |
X |
X |
|
|
|
X |
|
settings |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Edit device activation |
X |
X |
|
|
|
X |
|
settings |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Create an IT policy |
X |
X |
|
|
|
X |
|
|
|
|
|
|
|
|
|
Delete an IT policy |
X |
X |
|
|
|
X |
|
|
|
|
|
|
|
|
|
View an IT policy |
X |
X |
X |
X |
|
X |
|
|
|
|
|
|
|
|
|
Edit an IT policy |
X |
X |
|
|
|
X |
|
|
|
|
|
|
|
|
|
Import an IT policy |
X |
X |
|
|
|
X |
|
|
|
|
|
|
|
|
|
Export an IT policy |
X |
X |
|
|
|
X |
|
|
|
|
|
|
|
|
|
Create a user-defined IT |
X |
X |
|
|
|
X |
|
policy template |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Delete a user-defined IT |
X |
X |
|
|
|
X |
|
policy template |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Edit a user-defined IT policy |
X |
X |
|
|
|
X |
|
template |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
30
Administration Guide Creating administrator accounts
|
|
Enterprise |
Senior |
Junior |
Server only |
User only |
|
Permission name |
Security role |
Helpdesk |
Helpdesk |
||||
role |
role |
role |
|||||
|
|
role |
role |
||||
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
Import an IT policy template |
X |
X |
|
|
|
X |
|
|
|
|
|
|
|
|
|
Resend data to devices |
X |
X |
X |
|
|
|
|
|
|
|
|
|
|
|
|
Create a software |
X |
X |
|
|
|
X |
|
configuration |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
View a software |
X |
X |
X |
X |
|
X |
|
configuration |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Edit a software configuration |
X |
X |
|
|
|
X |
|
|
|
|
|
|
|
|
|
Delete a software |
X |
X |
|
|
|
X |
|
configuration |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
View BlackBerry |
X |
X |
|
|
X |
|
|
Administration Service |
|
|
|
|
|
|
|
software management |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Edit BlackBerry |
X |
X |
|
|
|
|
|
Administration Service |
|
|
|
|
|
|
|
software management |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Create an application |
X |
X |
|
|
|
X |
|
|
|
|
|
|
|
|
|
View an application |
X |
X |
X |
X |
|
X |
|
|
|
|
|
|
|
|
|
Edit an application |
X |
X |
|
|
|
X |
|
|
|
|
|
|
|
|
|
Delete an application |
X |
X |
|
|
|
X |
|
|
|
|
|
|
|
|
|
Create an administrator user |
X |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Specify an activation |
X |
X |
X |
X |
|
X |
|
password |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Generate an activation email |
X |
X |
X |
X |
|
X |
|
|
|
|
|
|
|
|
|
Assign the current device to |
X |
X |
X |
X |
|
X |
|
a user |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Turn off and on external |
X |
X |
X |
|
|
X |
|
services |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Clear activation password |
X |
X |
X |
X |
|
X |
|
|
|
|
|
|
|
|
31
Administration Guide Creating administrator accounts
|
|
Enterprise |
Senior |
Junior |
Server only |
User only |
|
Permission name |
Security role |
Helpdesk |
Helpdesk |
||||
role |
role |
role |
|||||
|
|
role |
role |
||||
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
Clear synchronization |
X |
X |
X |
|
|
X |
|
backup data |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Clear user statistics |
X |
X |
X |
X |
|
X |
|
|
|
|
|
|
|
|
|
Export statistics |
X |
X |
|
|
|
X |
|
|
|
|
|
|
|
|
|
Reset user field mapping |
X |
X |
X |
|
|
X |
|
|
|
|
|
|
|
|
|
Turn on redirection |
X |
X |
X |
|
|
X |
|
|
|
|
|
|
|
|
|
Turn off redirection |
X |
X |
X |
|
|
X |
|
|
|
|
|
|
|
|
|
Refresh available user list |
X |
X |
|
|
|
X |
|
from company directory |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Add User from Company |
X |
X |
X |
|
|
X |
|
Directory |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Synchronize GroupWise |
X |
X |
|
|
X |
|
|
System Address Book |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Clear and synchronize |
X |
X |
|
|
X |
|
|
GroupWise System Address |
|
|
|
|
|
|
|
Book |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
View a server |
X |
X |
|
|
X |
|
|
|
|
|
|
|
|
|
|
Edit a server |
X |
X |
|
|
X |
|
|
|
|
|
|
|
|
|
|
View a component |
X |
X |
|
|
X |
|
|
|
|
|
|
|
|
|
|
Edit a component |
X |
X |
|
|
X |
|
|
|
|
|
|
|
|
|
|
View an instance |
X |
X |
|
|
X |
|
|
|
|
|
|
|
|
|
|
Edit an instance |
X |
X |
|
|
X |
|
|
|
|
|
|
|
|
|
|
Change the status of an |
X |
X |
|
|
X |
|
|
instance |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Edit an instance relationship |
X |
X |
|
|
X |
|
|
|
|
|
|
|
|
|
|
View a job |
X |
X |
|
|
|
X |
|
|
|
|
|
|
|
|
32
Administration Guide Creating administrator accounts
|
|
Enterprise |
Senior |
Junior |
Server only |
User only |
|
Permission name |
Security role |
Helpdesk |
Helpdesk |
||||
role |
role |
role |
|||||
|
|
role |
role |
||||
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
Edit a job |
X |
X |
|
|
|
X |
|
|
|
|
|
|
|
|
|
Manage deployment job |
X |
X |
|
|
|
X |
|
tasks |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Change the status of a job |
X |
X |
|
|
|
X |
|
task |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Update peer-to-peer |
X |
X |
|
|
X |
|
|
encryption key |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
View job distribution settings |
X |
X |
|
|
|
X |
|
|
|
|
|
|
|
|
|
Edit job distribution settings |
X |
X |
|
|
|
X |
|
|
|
|
|
|
|
|
|
Delete an instance |
X |
X |
|
|
X |
|
|
|
|
|
|
|
|
|
|
Edit license keys |
X |
X |
|
|
X |
|
|
|
|
|
|
|
|
|
|
View license keys |
X |
X |
|
|
X |
|
|
|
|
|
|
|
|
|
|
Manually fail a job |
X |
X |
|
|
|
X |
|
|
|
|
|
|
|
|
|
Clear instance statistics |
X |
X |
|
|
X |
|
|
|
|
|
|
|
|
|
|
View push rules for the |
X |
X |
X |
X |
X |
X |
|
BlackBerry MDS Connection |
|
|
|
|
|
|
|
Service |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
View pull rules for the |
X |
X |
X |
X |
|
X |
|
BlackBerry MDS Connection |
|
|
|
|
|
|
|
Service |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Send message (across |
X |
X |
X |
X |
|
X |
|
Group) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Create a role |
X |
|
|
|
|
X |
|
|
|
|
|
|
|
|
|
Delete a role |
X |
|
|
|
|
X |
|
|
|
|
|
|
|
|
|
View a role |
X |
X |
|
|
|
X |
|
|
|
|
|
|
|
|
|
Edit a role |
X |
|
|
|
|
X |
|
|
|
|
|
|
|
|
|
Add or remove role |
X |
|
|
|
|
|
|
|
|
|
|
|
|
|
33
Administration Guide Creating administrator accounts
|
|
Enterprise |
Senior |
Junior |
Server only |
User only |
|
Permission name |
Security role |
Helpdesk |
Helpdesk |
||||
role |
role |
role |
|||||
|
|
role |
role |
||||
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
Import or export groups |
X |
|
|
|
|
|
|
within roles |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Import new users |
X |
X |
|
|
|
X |
|
|
|
|
|
|
|
|
|
Import or export users |
X |
X |
X |
|
|
X |
|
|
|
|
|
|
|
|
|
Import user updates |
X |
X |
|
|
|
X |
|
|
|
|
|
|
|
|
|
Import or export email |
X |
X |
|
|
|
X |
|
message filters for a user |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Export asset summary data |
X |
X |
|
|
|
X |
|
|
|
|
|
|
|
|
|
Add or remove to user |
X |
X |
X |
|
|
X |
|
configuration |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Delete all device data and |
X |
X |
X |
X |
|
X |
|
remove device |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Delete only the organization |
X |
X |
X |
X |
|
X |
|
data and remove device |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Creating roles
You can create roles for administrator accounts so that administrators in your organization can perform specific tasks and view specific information in the BlackBerry Administration Service, BlackBerry Monitoring Service, and BlackBerry Web Desktop Manager. For example, you can create a role that has all permissions turned off by default and you can customize the role by turning on specific permissions. You can also create a role that is based on a preconfigured role and customize the role that you create.
Create a role
You can create a role for an administrator account if existing roles do not fulfill the criteria that your organization specified for the type of administrator account that you want to create. It is worthy to note that by default, when a new role is created all permissions for that role are turned off.
1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Role.
34
Administration Guide |
Creating administrator accounts |
2.Click Create a role.
3.Type a name and description for the role.
4.Click Save.
5.In the Role information section, click the name of the role that you created.
6.Click Edit role.
7.Switch the appropriate tabs to turn on the appropriate permissions.
8.Click Save all.
After you finish: Assign the role to an administrator account or group.
Create a role based on an existing role
To create a new role for an administrator account that is similar to an existing role, you can simply copy the existing role, use it to make a new role, and then make the appropriate changes to the new role.
1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Role.
2.Click Manage roles.
3.In the list of existing roles, click the role that you want to copy.
4.Click Copy role.
5.Type a name and description for the role.
6.Click Copy role.
7.In the Role information section, click the name of the role that you created.
8.Click Edit role.
9.Switch the appropriate tabs to change the appropriate permissions.
10.Click Save all.
After you finish: Assign the role to an administrator account or group.
Create an administrator account
You can create an account for administrators so that they can log in to the BlackBerry Administration Service and manage the BlackBerry Enterprise Server. You create an administrator account and assign the account to one or more roles. The roles control the actions that an administrator can perform in the BlackBerry Administration Service.
35
Administration Guide |
Creating administrator accounts |
If your environment includes a Microsoft Exchange resource forest, you must create the administrator account in the resource forest.
Before you begin: Verify that you can configure the authentication type and roles for an administrator account.
1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Administrator user.
2.Click Create an administrator user.
3.Type the required information. Consider using the minimum rules for password complexity when you create the password for the administrator account. The password should be at least 8 characters in length and contain at least one number, letter, and special character, and should not contain dictionary words.
4.In the Role drop-down list, click the role that you want to assign to the administrator account.
5.Click Create an administrator user.
After you finish: To configure the administrator account, provide the login information to the administrator and add the administrator account to a group, or you can assign additional roles to the administrator account.
Related information
Assigning BlackBerry devices to user accounts, 92 Managing administrator accounts, 282
Add an administrator account to a group
When you add an administrator account to one or more groups, you can manage role permissions at a group level instead of at an individual level. If you use groups to manage administrator roles and administrator accounts in your organization's environment, you can add multiple administrator accounts to specific groups and assign the appropriate roles to each group.
Note: If you add a role to a group, all accounts in the group become administrator accounts and have all of the permissions that are assigned to that role, even if the accounts are user accounts for BlackBerry device users.
1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.
2.Click Manage users.
3.Search for an administrator account.
4.In the search results, click the display name for the administrator account.
5.Click Edit user.
6.On the Groups tab, in the Available groups list, click the group that you want to add the administrator account to.
7.Click Add.
8.Click Save all.
36
Administration Guide |
Creating administrator accounts |
Related information
Create a group to manage similar user accounts, 84
Specify an email address for the BlackBerry Administration Service
You can specify the email address that the BlackBerry Administration Service sends BlackBerry Enterprise Server system messages or activation passwords from.
Before you begin: Create an email account on your organization's messaging server.
1.In the BlackBerry Administration Service, on the Devices menu, expand Wireless activations.
2.Click Device activation settings.
3.Click Edit activation settings.
4.In the Sender address field, type the email address that you want the BlackBerry Administration Service to send system messages or activation passwords from.
5.Click Save all.
Permit an administrator to log in to the BlackBerry Administration Service using a messaging server account
You can permit an administrator to log in to the BlackBerry Administration Service using a user name and password for the messaging server.
1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.
2.Click Manage users.
3.Search for a user account.
4.In the search results, click the display name for the user account.
5.Click Edit user.
6.In the Authentication type section, click the Edit icon.
37
Administration Guide |
Creating administrator accounts |
7.In the User information section, in the Display name field, type the user name.
8.In the Authentication type section, type and verify a password.
9.Click the Update icon.
10.Click Save all.
Assign a BlackBerry device to an administrator account
You can assign a BlackBerry device to an administrator without creating a separate user account.
1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.
2.Click Manage users.
3.Search for an administrator account.
4.Click the display name for the administrator account.
5.In the BlackBerry Enterprise Server status list, click Enable as BlackBerry user.
6.Search for the messaging server display name or email address of the administrator.
7.Select the check box beside the administrator account.
8.Click Next.
9.Click the BlackBerry Enterprise Server that you want to assign the administrator account to.
10.Click Save all.
38
Administration Guide |
Using an IT policy to manage BlackBerry Enterprise Solution security |
Using an IT policy to manage |
|
4 |
|
BlackBerry Enterprise Solution |
|
|
|
security |
|
You can use an IT policy to control and manage BlackBerry devices, the BlackBerry Desktop Software, and the BlackBerry Web Desktop Manager in your organization's environment. An IT policy consists of multiple IT policy rules that manage the security and behavior of the BlackBerry Enterprise Solution. For example, you can use IT policy rules to manage the following security features and behaviors of the device:
•encryption (for example, encryption of user data and messages that the BlackBerry Enterprise Server forwards to message recipients) and encryption strength
•use of a password or pass phrase
•connections that use Bluetooth wireless technology
•protection of user data and device transport keys on the device
•control of device resources, such as the camera or GPS, that are available to third-party applications
The BlackBerry Enterprise Server includes preconfigured IT policies that you can use to manage the security of the BlackBerry Enterprise Solution. The Default IT policy includes IT policy rules that are configured to indicate the default behavior of the device or BlackBerry Desktop Software.
After a device user activates a device, the BlackBerry Enterprise Server automatically sends to the device the IT policy that you assigned to the user account or group. By default, if you do not assign an IT policy to the user account or group, the BlackBerry Enterprise Server sends the Default IT policy. If you delete an IT policy that you assigned to the user account or group, the BlackBerry Enterprise Server automatically re-assigns the Default IT policy to the user account and resends the Default IT policy to the device.
For more information, see the BlackBerry Enterprise Server Policy Reference Guide.
Using IT policy rules to manage BlackBerry Enterprise Solution security
You can use IT policy rules to customize and control the actions that the BlackBerry Enterprise Solution can perform.
39
Administration Guide |
Using an IT policy to manage BlackBerry Enterprise Solution security |
To use an IT policy rule on a BlackBerry device, you must verify that the BlackBerry Device Software version supports the IT policy rule. For example, you cannot use the Disable Camera IT policy rule to control whether a BlackBerry device user can access the camera on the device if the BlackBerry Device Software version does not support the IT policy rule. For information about the BlackBerry Device Software version that is required for a specific IT policy rule, see the BlackBerry Enterprise Server Policy Reference Guide.
If you create a custom IT policy that does not permit users to change their user information on their devices, you can only apply this custom IT policy to devices running BlackBerry Device Software 5.0 or later.
The BlackBerry Administration Service groups the IT policy rules by common properties or by application. Most IT policy rules are designed so that you can assign them to multiple user accounts and groups.
Preconfigured IT policies
The BlackBerry Enterprise Server includes the following preconfigured IT policies that you can change to create IT policies that meet the requirements of your organization.
Preconfigured IT policy |
Description |
|
|
Default |
This policy includes all the standard IT policy rules that are set on the |
|
BlackBerry Enterprise Server. |
|
|
Individual-Liable Devices |
Similar to the Default IT policy, this policy prevents BlackBerry device users from |
|
accessing organizer data from within the social networking applications on their |
|
BlackBerry devices. |
|
This policy permits users to access their personal calendar services and email |
|
messaging services (for example, their BlackBerry Internet Service accounts), |
|
update the BlackBerry Device Software using methods that exist outside your |
|
organization, make calls when devices are locked, and cut, copy, and paste text. |
|
Users cannot forward email messages from one email messaging service to |
|
another. |
|
You can use the Individual-Liable Devices IT policy if your organization includes |
|
users who purchase their own devices and connect the devices to a BlackBerry |
|
Enterprise Server instance in your organization's environment. |
|
|
Basic Password Security |
Similar to the Default IT policy, this policy also requires a basic password that |
|
users can use to unlock their devices. Users must change the passwords |
|
regularly. The IT policy includes a password timeout that locks devices. |
|
|
Medium Password Security |
Similar to the Default IT policy, this policy also requires a complex password that |
|
users can use to unlock their devices. Users must change the passwords |
|
regularly. This policy includes a maximum password history and turns off |
|
Bluetooth technology on devices. |
|
|
40
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security
Preconfigured IT policy |
Description |
|
|
Medium Security with No 3rd Party |
Similar to the Medium Password Security, this policy requires a complex |
Applications |
password that a user must change frequently, a security timeout, and a |
|
maximum password history. This policy prevents users from making their |
|
devices discoverable by other Bluetooth enabled devices and prevents devices |
|
from downloading third-party applications. |
|
|
Advanced Security |
Similar to the Default IT policy, this IT policy also requires a complex password |
|
that users must change frequently, a password timeout that locks devices, and a |
|
maximum password history. This policy restricts Bluetooth technology on |
|
devices, turns on strong content protection, turns off USB mass storage, and |
|
requires devices to encrypt external file systems. |
|
|
Advanced Security with No 3rd Party |
Similar to the Advanced Security IT policy, this IT policy requires a complex |
Applications |
password that users must change frequently, a password timeout that locks |
|
devices, and a maximum password history. This policy restricts Bluetooth |
|
technology on devices, turns on strong content protection, turns off USB mass |
|
storage, requires devices to encrypt external file systems, and prevents devices |
|
from downloading third-party applications. |
|
|
Default values for preconfigured IT policies
You can configure additional IT policy rules in the preconfigured IT policies or change any of the following values:
IT policy rule |
Default IT |
Individual- |
Basic |
Medium |
Medium |
Advanced |
Advanced |
|
policy |
Liable |
Password |
Password |
Password |
Security IT |
Security |
|
|
Device IT |
Security IT |
Security IT |
Security |
policy |
with No 3rd |
|
|
policy |
policy |
policy |
with No 3rd |
|
Party |
|
|
|
|
|
Party |
|
Applications |
|
|
|
|
|
Applications |
|
IT policy |
|
|
|
|
|
IT policy |
|
|
Device-Only Items |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Enable Long- |
— |
— |
— |
Yes |
Yes |
Yes |
Yes |
Term Timeout |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Maximum |
— |
— |
30 minutes |
10 minutes |
10 minutes |
10 minutes |
10 minutes |
Security Timeout |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Maximum |
— |
— |
60 days |
30 days |
30 days |
30 days |
30 days |
Password Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Password |
no restriction |
— |
no restriction |
at least 1 |
at least 1 |
at least 1 |
at least 1 |
Pattern Checks |
|
|
|
alpha and 1 |
alpha and 1 |
alpha and 1 |
alpha and 1 |
|
|
|
|
|
|
|
|
41
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security
IT policy rule |
Default IT |
Individual- |
Basic |
Medium |
Medium |
Advanced |
Advanced |
|
policy |
Liable |
Password |
Password |
Password |
Security IT |
Security |
|
|
Device IT |
Security IT |
Security IT |
Security |
policy |
with No 3rd |
|
|
policy |
policy |
policy |
with No 3rd |
|
Party |
|
|
|
|
|
Party |
|
Applications |
|
|
|
|
|
Applications |
|
IT policy |
|
|
|
|
|
IT policy |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
numeric |
numeric |
numeric |
numeric |
|
|
|
|
character |
character |
character |
character |
|
|
|
|
|
|
|
|
Password |
No |
— |
Yes |
Yes |
Yes |
Yes |
Yes |
Required |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
User Can |
Yes |
— |
Yes |
Yes |
Yes |
Yes |
Yes |
Change Timeout |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
User Can |
Yes |
— |
No |
No |
No |
No |
No |
Disable |
|
|
|
|
|
|
|
Password |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Password policy group |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Maximum |
— |
— |
— |
6 |
6 |
6 |
6 |
Password |
|
|
|
|
|
|
|
History |
|
|
|
|
|
|
|
|
|
|
|
|
|
||
RIM Value-Added Applications policy group |
|
|
|
|
|
||
|
|
|
|
|
|
|
|
Disable |
Yes |
Yes |
— |
— |
— |
— |
— |
Organizer Data |
|
|
|
|
|
|
|
Access for Social |
|
|
|
|
|
|
|
Networking |
|
|
|
|
|
|
|
Applications |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Security policy group |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Allow Outgoing |
No |
Yes |
— |
— |
— |
— |
— |
Call When |
|
|
|
|
|
|
|
Locked |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Content |
— |
— |
— |
— |
— |
Strong |
Strong |
Protection |
|
|
|
|
|
|
|
Strength |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Disable Cut/ |
No |
No |
— |
— |
— |
— |
— |
Copy/Paste |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Disable |
No |
Yes |
— |
— |
— |
— |
— |
Forwarding |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
42
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security
IT policy rule |
Default IT |
Individual- |
Basic |
Medium |
Medium |
Advanced |
Advanced |
|
policy |
Liable |
Password |
Password |
Password |
Security IT |
Security |
|
|
Device IT |
Security IT |
Security IT |
Security |
policy |
with No 3rd |
|
|
policy |
policy |
policy |
with No 3rd |
|
Party |
|
|
|
|
|
Party |
|
Applications |
|
|
|
|
|
Applications |
|
IT policy |
|
|
|
|
|
IT policy |
|
|
|
|
|
|
|
|
|
|
Between |
|
|
|
|
|
|
|
Services |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Disable USB |
No |
— |
— |
— |
— |
Yes |
Yes |
Mass Storage |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Disallow Third |
No |
— |
— |
— |
Yes |
— |
Yes |
Party |
|
|
|
|
|
|
|
Application |
|
|
|
|
|
|
|
Download |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
External File |
Not required |
— |
— |
— |
— |
Encrypt to |
Encrypt to |
System |
|
|
|
|
|
user |
user |
Encryption level |
|
|
|
|
|
password |
password |
|
|
|
|
|
|
(excluding |
(excluding |
|
|
|
|
|
|
multimedia |
multimedia |
|
|
|
|
|
|
directories) |
directories) |
|
|
|
|
|
|
|
|
Force Lock |
No |
— |
— |
Yes |
Yes |
Yes |
Yes |
When Holstered |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Reset to Factory |
No |
Yes |
— |
— |
— |
— |
— |
Defaults on Wipe |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Service Exclusivity policy group |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Allow Other |
Yes |
Yes |
— |
— |
— |
— |
— |
Calendar |
|
|
|
|
|
|
|
Services |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Allow Other |
Yes |
Yes |
— |
— |
— |
— |
— |
Message |
|
|
|
|
|
|
|
Services |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Bluetooth policy group |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Disable Address |
No |
— |
— |
— |
— |
Yes |
Yes |
Book Transfer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Disable |
No |
— |
— |
Yes |
Yes |
Yes |
Yes |
Discoverable |
|
|
|
|
|
|
|
Mode |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
43
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security
IT policy rule |
Default IT |
Individual- |
Basic |
Medium |
Medium |
Advanced |
Advanced |
|
policy |
Liable |
Password |
Password |
Password |
Security IT |
Security |
|
|
Device IT |
Security IT |
Security IT |
Security |
policy |
with No 3rd |
|
|
policy |
policy |
policy |
with No 3rd |
|
Party |
|
|
|
|
|
Party |
|
Applications |
|
|
|
|
|
Applications |
|
IT policy |
|
|
|
|
|
IT policy |
|
|
|
|
|
|
|
|
|
|
Disable File |
No |
— |
— |
— |
— |
Yes |
Yes |
Transfer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Disable Serial |
No |
— |
— |
— |
— |
Yes |
Yes |
Port Profile |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Require LED |
No |
— |
— |
— |
— |
Yes |
Yes |
Connection |
|
|
|
|
|
|
|
Indicator |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Wi-Fi policy group |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Wi-Fi Allow |
Yes |
— |
No |
No |
No |
No |
No |
Handheld |
|
|
|
|
|
|
|
Changes |
|
|
|
|
|
|
|
|
|
|
|
|
|
||
Wireless Software Upgrades policy group |
|
|
|
|
|
||
|
|
|
|
|
|
|
|
Allow Non |
No |
Yes |
— |
— |
— |
— |
— |
Enterprise |
|
|
|
|
|
|
|
Upgrade |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Creating and importing IT policies
Create an IT policy
1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy.
2.Click Create an IT policy.
3.Type a name and description for the IT policy.
4.Click Save.
5.To configure the IT policy, perform the following actions:
a. In the IT policy information section, click the IT policy.
44
Administration Guide |
Using an IT policy to manage BlackBerry Enterprise Solution security |
b.Click Edit IT policy.
c.On a tab for an IT policy group, configure values for the IT policy rules.
d.Click Save All.
After you finish: For more information, see the BlackBerry Enterprise Server Policy Reference Guide.
Create an IT policy based on an existing IT policy
1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy.
2.Click Manage IT policies.
3.In the list of IT policies, click the IT policy that you want to copy.
4.Click Copy IT policy.
5.Type a name and description for the new IT policy.
6.Click Save.
7.To change the IT policy settings, perform the following actions:
a.In the IT policy information section, click the IT policy.
b.Click Edit IT policy.
c.On a tab for an IT policy group, change the appropriate values for the IT policy rules.
d.Click Save all.
After you finish: For more information, see the BlackBerry Enterprise Server Policy Reference Guide.
Related information
Preconfigured IT policies, 40
Import IT policy data
CAUTION: For you to import IT policy data successfully, the IT policy data file must contain all of the IT policies that are assigned to user accounts and groups in the BlackBerry Domain that you are importing IT policy data to.
Before you begin: Export IT policy data from a different BlackBerry Domain.
1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy.
2.Click Manage IT policies.
3.In the Manage IT policies section, click Import IT policy list.
4.In the IT policy import section, specify the following information:
45
Administration Guide |
Using an IT policy to manage BlackBerry Enterprise Solution security |
•Location of the data source file
•File encryption password that you use to protect the data source file
5.Click Next.
6.Click Add all IT policies.
Related information
Preconfigured IT policies, 40
Import IT policy rules from an IT policy pack
You can import the IT policy rules that Research In Motion releases in an IT policy pack into your organization's BlackBerry Enterprise Server.
1.Download the IT policy pack to your computer and extract the contents of the file.
2.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy.
3.Click Manage IT policy rules.
4.Click Import IT policy definitions.
5.Navigate to and select the XML file that contains the IT policy rules (for example, ITPolicyTemplate082409.xml).
6.Click Save.
Change the value for an IT policy rule
1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy.
2.Click Manage IT policies.
3.In the IT policy information section, click the IT policy.
4.Click Edit IT policy.
5.On a tab for an IT policy group, change the appropriate values for the IT policy rules.
6.Click Save all.
46
Administration Guide |
Using an IT policy to manage BlackBerry Enterprise Solution security |
Assign an IT policy to a group
1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Group.
2.Click Manage groups.
3.In the Manage groups section, click the group that you want to assign an IT policy to.
4.On the Policies tab, click Edit group.
5.In the drop-down list, click an IT policy.
6.Click Save all.
Related information
Adding a user account to the BlackBerry Enterprise Server, 85
Assigning IT policies and resolving IT policy conflicts, 49
Assign an IT policy to a user account
1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.
2.Click Manage users.
3.Search for a user account.
4.In the search results, click the display name of the user account.
5.On the Policies tab, click Edit user.
6.In the drop-down list, click an IT policy.
7.Click Save all.
Related information
Adding a user account to the BlackBerry Enterprise Server, 85
Assigning IT policies and resolving IT policy conflicts, 49
47
Administration Guide |
Using an IT policy to manage BlackBerry Enterprise Solution security |
Sending an IT policy over the wireless network
If your organization's environment includes C++ based BlackBerry devices that are running BlackBerry Device Software version 2.5 or later or Java based devices that are running BlackBerry Device Software version 3.6 or later, the BlackBerry Enterprise Server can send changes to IT policies to a device over the wireless network automatically. When the device receives an updated IT policy or a new IT policy, the device, BlackBerry Desktop Software, and BlackBerry Web Desktop Manager apply the configuration changes immediately.
By default, the BlackBerry Enterprise Server is designed to resend an IT policy to the device within a short period of time after you update the IT policy using the BlackBerry Administration Service. You can also resend an IT policy to a specific device manually. You can configure the BlackBerry Enterprise Server to resend the IT policy to the device at scheduled intervals regardless of whether you changed the IT policy.
Related information
Using IT policy rules to manage BlackBerry Enterprise Solution security, 39 Assigning IT policies and resolving IT policy conflicts, 49
Preconfigured IT policies, 40
Resend an IT policy to a BlackBerry device manually
1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.
2.Click Manage users.
3.Search for a user account.
4.In the search results, click the display name for the user account.
5.On the Policies tab, click View resolved IT policy data.
6.Click Resend IT policy to a device.
Resend an IT policy to a BlackBerry device automatically
1.In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology.
48
Administration Guide |
Using an IT policy to manage BlackBerry Enterprise Solution security |
2.Expand BlackBerry Domain > Component view.
3.In the Policy section, click an instance.
4.Click Edit instance.
5.In the General section, in the Policy resend interval (hours) field, type an interval that you want the BlackBerry device to resend the IT policy at.
6.Click Save All.
Assigning IT policies and resolving IT policy conflicts
You can assign IT policies directly to a user account or to a group. By default, if you do not assign an IT policy to a user account or a group that the user is a member of, the BlackBerry Enterprise Server applies the Default IT policy to the user account. If you assign an IT policy to a group that a user account is a member of, the BlackBerry Enterprise Server applies the group IT policy to the user account. If you assign an IT policy to the user account directly, the BlackBerry Enterprise Server applies this IT policy to the user account instead of the group IT policy or Default IT policy.
If a user account is a member of multiple groups that have different IT policies, the BlackBerry Enterprise Server must determine which IT policy to apply to the user account. You must use one of the following reconciliation options:
Method |
Description |
|
|
Apply one IT policy to the user account |
The BlackBerry Enterprise Server applies one of the group IT policies to the user |
|
account. You specify rankings for the available IT policies using the BlackBerry |
|
Administration Service and the BlackBerry Enterprise Server applies the IT |
|
policy with the highest ranking. |
|
If you upgrade to BlackBerry Enterprise Server 5.0 SP2 or later from a previous |
|
version of the BlackBerry Enterprise Server, this is the default method for |
|
resolving IT policy conflicts. |
|
|
Apply multiple IT policies to the user |
The BlackBerry Enterprise Server applies all of the group IT policies to the user |
account |
account, resulting in a combined IT policy that has a unique ID. The BlackBerry |
|
Enterprise Server resolves conflicting IT policy rules using the ranking of the |
|
available IT policies that you specified using the BlackBerry Administration |
|
Service. If an IT policy rule is different in the multiple IT policies, the BlackBerry |
|
Enterprise Server applies the rule setting from the IT policy that you ranked the |
|
highest. |
|
If you install BlackBerry Enterprise Server 5.0 SP2 or later, this is the default |
|
method for resolving IT policy conflicts. |
|
|
Related information |
|
49
Administration Guide |
Using an IT policy to manage BlackBerry Enterprise Solution security |
Option 1: Applying one IT policy to each user account, 50
Option 2: Applying multiple IT policies to each user account, 51
Option 1: Applying one IT policy to each user account
You can configure the BlackBerry Enterprise Server to apply only one IT policy to a user account when a user account is a member of multiple groups that have different IT policies. In this scenario, the BlackBerry Enterprise Server applies the IT policy that you ranked the highest in the BlackBerry Administration Service.
If you upgrade to BlackBerry Enterprise Server 5.0 SP2 or later from a previous version of the BlackBerry Enterprise Server, this is the default method for resolving IT policy conflicts. If you install BlackBerry Enterprise Server 5.0 SP2 or later, the default method for resolving IT policy conflicts is to apply multiple IT policies to each user account and create a combined IT policy that has a unique ID for the user account.
Reconciliation rules for conflicting IT policies when you apply one IT policy to the user account
The BlackBerry Enterprise Server can apply only one IT policy to a user account. Since you can assign IT policies to user accounts, groups, or the BlackBerry Domain, the BlackBerry Administration Service uses predefined rules to determine which IT policy it can apply to a user account.
The BlackBerry Administration Service might have to reconcile conflicting IT policies if you perform any of the following actions:
•add an IT policy to or remove an IT policy from a user account or group
•change an IT policy
•change the ranking of IT policies
•delete an IT policy
Scenario |
Rule |
|
|
You add a new user account to a BlackBerry Enterprise |
The IT policy that you assigned to the BlackBerry Domain, |
Server. You do not assign an IT policy directly to the user |
or the Default IT policy that is assigned to the BlackBerry |
account and you do not add the user to a group. |
Domain, is assigned to the user account. |
|
|
You assign an IT policy to a user account and a different IT |
The IT policy that you assign to a user account takes |
policy to a group that the user account belongs to. |
precedence over an IT policy that you assign to a group. An |
|
IT policy that you assign to a group takes precedence over |
|
the IT policy that you assign to the BlackBerry Domain (or |
|
the Default IT policy). |
|
|
A user account belongs to multiple groups. You assign |
The BlackBerry Enterprise Server applies the IT policy that |
multiple IT policies to the groups but do not assign an IT |
you ranked the highest in the BlackBerry Administration |
policy to the user account. |
Service to the user account. |
|
|
50
Loading...