Blackberry SWD-20120924140022907 User Manual

Loading...
Blackberry SWD-20120924140022907 User Manual

BlackBerry Enterprise Server for Microsoft Exchange

Version: 5.0

Service Pack: 3

Administration Guide

Published: 2012-09-24

SWD-20120924140022907

Contents

 

1

Overview: BlackBerry Enterprise Server .........................................................................................

21

 

Document revision history ................................................................................................................................................

21

 

Getting started in your BlackBerry Enterprise Server environment .....................................................................................

22

2

Log in to the BlackBerry Administration Service for the first time ....................................................

26

 

There is a problem with this website's security certificate ..................................................................................................

26

 

This connection is untrusted .............................................................................................................................................

27

3

Creating administrator accounts ....................................................................................................

29

 

Administrative roles and permissions ................................................................................................................................

29

 

Preconfigured administrative roles .............................................................................................................................

29

 

Creating roles ...................................................................................................................................................................

34

 

Create a role ..............................................................................................................................................................

34

 

Create a role based on an existing role ........................................................................................................................

35

 

Create an administrator account .......................................................................................................................................

35

 

Add an administrator account to a group ..........................................................................................................................

36

 

Specify an email address for the BlackBerry Administration Service ..................................................................................

37

 

Permit an administrator to log in to the BlackBerry Administration Service using a messaging server account ....................

37

 

Assign a BlackBerry device to an administrator account ....................................................................................................

38

4

Using an IT policy to manage BlackBerry Enterprise Solution security ............................................

39

 

Using IT policy rules to manage BlackBerry Enterprise Solution security ............................................................................

39

 

Preconfigured IT policies ..................................................................................................................................................

40

 

Default values for preconfigured IT policies ................................................................................................................

41

 

Creating and importing IT policies .....................................................................................................................................

44

 

Create an IT policy .....................................................................................................................................................

44

 

Create an IT policy based on an existing IT policy ........................................................................................................

45

 

Import IT policy data ..................................................................................................................................................

45

 

Import IT policy rules from an IT policy pack ...............................................................................................................

46

 

Change the value for an IT policy rule ................................................................................................................................

46

 

Assign an IT policy to a group ............................................................................................................................................

47

 

Assign an IT policy to a user account .................................................................................................................................

47

 

Sending an IT policy over the wireless network ..................................................................................................................

48

 

Resend an IT policy to a BlackBerry device manually ..................................................................................................

48

 

Resend an IT policy to a BlackBerry device automatically ...........................................................................................

48

 

Assigning IT policies and resolving IT policy conflicts .........................................................................................................

49

 

Option 1: Applying one IT policy to each user account ................................................................................................

50

 

Option 2: Applying multiple IT policies to each user account .......................................................................................

51

 

View the resolved IT policy rules that are assigned to a user account ...........................................................................

54

 

Deactivating BlackBerry devices that do not have IT policies applied .................................................................................

54

 

Deactivate BlackBerry devices that do not have IT policies applied .............................................................................

55

 

Creating new IT policy rules to control third-party applications ...........................................................................................

55

 

Create an IT policy rule for a third-party application ....................................................................................................

55

 

Change or delete IT policy rules for third-party applications ........................................................................................

56

 

Export all IT policy data to a data file .................................................................................................................................

56

 

Delete an IT policy ............................................................................................................................................................

57

5

Configuring security options ..........................................................................................................

58

 

Encrypting data that the BlackBerry Enterprise Server and a BlackBerry device send to each other ...................................

58

 

Algorithms that the BlackBerry Enterprise Solution uses to encrypt data .....................................................................

58

 

Change the symmetric key encryption algorithm that the BlackBerry Enterprise Solution uses ....................................

59

 

Managing device access to the BlackBerry Enterprise Server ............................................................................................

59

 

Turn on the Enterprise Service Policy .........................................................................................................................

60

 

Configure the Enterprise Service Policy ......................................................................................................................

60

 

Permit a user to override the Enterprise Service Policy ................................................................................................

61

 

Extending messaging security to a BlackBerry device ........................................................................................................

61

 

Extending messaging security using PGP encryption ..................................................................................................

61

 

Extending messaging security using S/MIME encryption .............................................................................................

62

 

Enforcing secure messaging using classifications ..............................................................................................................

65

 

Create a message classification .................................................................................................................................

65

 

Create a message classification based on an existing message classification ..............................................................

66

 

Order message classifications ....................................................................................................................................

66

 

Delete a message classification ..................................................................................................................................

67

 

Generating organization-specific encryption keys for PIN-message encryption ..................................................................

67

 

Generate a PIN encryption key ...................................................................................................................................

67

 

Turn off BlackBerry services that the BlackBerry MDS Connection Service, BlackBerry Collaboration Service, and

 

 

BlackBerry MVS provide ...................................................................................................................................................

68

 

When a BlackBerry device overwrites data in the BlackBerry device memory .....................................................................

68

 

Changing when a BlackBerry device cleans the BlackBerry device memory ................................................................

69

 

Best practice: Configuring additional memory cleaner settings for BlackBerry devices ................................................

70

6

Configuring the BlackBerry Enterprise Server environment ............................................................

71

 

Best practice: Running the BlackBerry Enterprise Server ..................................................................................................

71

 

Configuring certain BlackBerry Enterprise Server components to use proxy servers ...........................................................

72

 

Configure a BlackBerry Enterprise Server component to use a .pac file .......................................................................

72

 

Configure a BlackBerry Enterprise Server component to use a proxy server .................................................................

73

 

Configure a BlackBerry Enterprise Server component to authenticate to a proxy server on behalf of BlackBerry

 

 

devices ......................................................................................................................................................................

74

 

Configuring the BlackBerry Administration Service to use a proxy server ............................................................................

74

 

Configuring proxy selection for the BlackBerry Administration Service ........................................................................

75

 

Configuring the BlackBerry Administration Service to authenticate with a proxy server ................................................

77

 

Configuring multiple BlackBerry Enterprise Server instances to use the same BlackBerry Enterprise Server component .....

79

 

Configure multiple BlackBerry Enterprise Server instances to use the same BlackBerry MDS Connection Service ........

79

 

Configure multiple BlackBerry Enterprise Server instances to use the same BlackBerry Collaboration Service .............

80

 

Configuring support for Unicode languages .......................................................................................................................

80

 

Configure support for Unicode languages ...................................................................................................................

80

 

Change the character encoding that the BlackBerry Enterprise Server uses to send Unicode messages ......................

81

 

Configure support for Unicode text in calendars on BlackBerry devices in a Microsoft Exchange environment .............

82

7

Configuring user accounts .............................................................................................................

84

 

Creating user groups ........................................................................................................................................................

84

 

Create a group to manage similar user accounts .........................................................................................................

84

 

Add user accounts to a group .....................................................................................................................................

84

 

Adding a user account to the BlackBerry Enterprise Server ...............................................................................................

85

 

Add a user account ....................................................................................................................................................

85

 

Create a user account that is not in the contact list in the BlackBerry Configuration Database .....................................

86

 

Export a list of user accounts ......................................................................................................................................

87

 

Importing a list of user accounts to a BlackBerry Enterprise Server .............................................................................

87

8

Assigning BlackBerry devices to users ...........................................................................................

91

 

Preparing to distribute a BlackBerry device .......................................................................................................................

91

 

Change how the BlackBerry Enterprise Server downloads a user's existing email messages onto the BlackBerry

 

 

device .......................................................................................................................................................................

91

 

Prevent the BlackBerry Enterprise Server from synchronizing existing email messages onto a BlackBerry device ........

92

 

Assigning BlackBerry devices to user accounts .................................................................................................................

92

 

Option 1: Activate a BlackBerry device using the BlackBerry Administration Service ...................................................

93

 

Option 2: Activating a BlackBerry device over the wireless network .............................................................................

94

 

Option 3: Activating BlackBerry devices over the LAN .................................................................................................

97

 

Option 4: Activating BlackBerry devices using the BlackBerry Web Desktop Manager .................................................

98

 

Option 5: Activating BlackBerry devices over an enterprise Wi-Fi network ...................................................................

98

9

Configuring BlackBerry Enterprise Server high availability ............................................................

101

 

Check the health of a BlackBerry Enterprise Server .........................................................................................................

101

 

Availability state and failover status of the BlackBerry Enterprise Server ...................................................................

101

 

How the BlackBerry Enterprise Server uses health parameters ........................................................................................

102

 

Defining when failover occurs ..................................................................................................................................

102

 

Changing the promotion threshold and failover threshold ................................................................................................

104

 

Change the promotion threshold and failover threshold and the order of the health parameters ................................

104

 

Changing when automatic failover occurs by customizing the health parameters for user accounts and messaging

 

 

servers ....................................................................................................................................................................

106

 

Prerequisites: Configuring the BlackBerry Enterprise Server pair to fail over automatically ...............................................

108

 

Configure the BlackBerry Enterprise Server to fail over automatically ...............................................................................

108

 

Monitoring the BlackBerry Enterprise Server for an automatic failover event ....................................................................

109

 

Use the BlackBerry Administration Service to find the time and reason for the last automatic failover event ...............

109

 

Fail over the BlackBerry Enterprise Server manually using the BlackBerry Administration Service ....................................

109

 

Fail over the BlackBerry Enterprise Server manually using the BlackBerry Configuration Panel ........................................

110

10

Configuring high availability for BlackBerry Enterprise Server components ...................................

111

 

Creating a BlackBerry MDS Connection Service pool for high availability ..........................................................................

111

 

Create a BlackBerry MDS Connection Service pool for high availability ......................................................................

111

 

Configure the BlackBerry MDS Connection Service and BlackBerry Collaboration Service to fail over automatically ..........

112

 

Create a BlackBerry Collaboration Service pool for high availability ..................................................................................

113

 

Create a BlackBerry Attachment Service pool for high availability ....................................................................................

114

 

You cannot determine the BlackBerry Attachment Connector that the BlackBerry Enterprise Server or the

 

 

BlackBerry MDS Connection Service uses ................................................................................................................

115

 

Create a BlackBerry Router pool for high availability ........................................................................................................

116

 

Permit a BlackBerry Enterprise Server to connect to a remote BlackBerry Router .....................................................

117

 

Creating a BlackBerry Administration Service pool that includes the BlackBerry Web Desktop Manager using DNS

 

 

round robin ....................................................................................................................................................................

118

 

Configure the BlackBerry Administration Service instances in a pool to communicate across network subnets ..........

119

 

Changing the name of the BlackBerry Administration Service pool ..................................................................................

119

 

Change the name of the BlackBerry Administration Service pool ..............................................................................

120

 

Fail over the BlackBerry MDS Connection Service or BlackBerry Collaboration Service manually .....................................

120

 

Monitoring the high availability status or job deployment status using the BlackBerry Administration Service ...................

121

 

Monitor the high availability status or job deployment status using the BlackBerry Administration Service .................

122

 

Remove a BlackBerry MDS Connection Service instance from a pool ...............................................................................

122

 

Remove a BlackBerry Collaboration Service instance from a pool ....................................................................................

123

 

Remove a BlackBerry Attachment Service instance from a pool ......................................................................................

123

 

Remove a BlackBerry Router instance from a pool ..........................................................................................................

124

11

Configuring BlackBerry Configuration Database high availability ..................................................

125

 

Prerequisites: Configuring database mirroring or database replication of the BlackBerry Configuration Database .............

125

 

Configuring database mirroring .......................................................................................................................................

126

 

Stop the BlackBerry Enterprise Server instances ......................................................................................................

126

 

Configure database mirroring for the BlackBerry Configuration Database .................................................................

127

 

Start the BlackBerry Enterprise Server instances ......................................................................................................

127

 

Configure the BlackBerry Enterprise Solution to support database mirroring .............................................................

128

 

Resend the database mirroring parameters to BlackBerry Enterprise Server components .........................................

129

 

Configuring the BlackBerry Configuration Database for one-way transactional replication in an environment that

 

 

includes Microsoft SQL Server 2005 or 2008 ...................................................................................................................

130

 

Stop the BlackBerry Enterprise Server instances ......................................................................................................

130

 

Create the replicated BlackBerry Configuration Database from a backup ..................................................................

130

 

Permit access to the BlackBerry Configuration Database instances ..........................................................................

131

 

Configure the publication for the BlackBerry Configuration Database .......................................................................

131

 

Increase the maximum data size for transactional replication ...................................................................................

132

 

Prepare the database server that hosts the replicated BlackBerry Configuration Database and configure the

 

 

subscription ............................................................................................................................................................

133

 

Start the BlackBerry Enterprise Server instances ......................................................................................................

134

 

Reacting if the BlackBerry Configuration Database that you configured for transactional replication stops responding .....

134

 

Return to the BlackBerry Configuration Database when you configured transactional replication .....................................

135

 

Configuring a new mirror BlackBerry Configuration Database ..........................................................................................

135

12

Sending software and BlackBerry Java Applications to BlackBerry devices ...................................

136

 

Managing BlackBerry Java Applications and BlackBerry Device Software ........................................................................

136

 

Developing BlackBerry Java Applications for BlackBerry devices .....................................................................................

137

 

Preparing to distribute BlackBerry Java Applications .......................................................................................................

137

 

Specify a shared network folder for BlackBerry Java Applications .............................................................................

138

 

Add a BlackBerry Java Application to the application repository ...............................................................................

139

 

Add a collaboration client to the application repository .............................................................................................

139

 

Specify keywords for a BlackBerry Java Application ..................................................................................................

140

 

Configuring application control policies ...........................................................................................................................

140

 

Standard application control policies .......................................................................................................................

140

 

Change a standard application control policy ...........................................................................................................

141

 

Create custom application control policies for a BlackBerry Java Application ............................................................

141

 

IT policy rules take precedence on smartphones ......................................................................................................

143

 

Application control policies for unlisted applications .......................................................................................................

143

 

Change the standard application control policy for unlisted applications that are optional .........................................

143

 

Create an application control policy for unlisted applications ....................................................................................

144

 

Configure the priority of application control policies for unlisted applications ............................................................

144

 

Creating software configurations .....................................................................................................................................

145

 

Create a software configuration ................................................................................................................................

146

 

Add a BlackBerry Java Application to a software configuration .................................................................................

146

 

Assign a software configuration to a group ................................................................................................................

147

 

Assign a software configuration to multiple user accounts ........................................................................................

148

 

Assign a software configuration to a user account .....................................................................................................

148

 

Install BlackBerry Java Applications on a BlackBerry device at a central computer ..........................................................

149

 

View the status of a job ...................................................................................................................................................

150

 

View the status of a task ...........................................................................................................................................

150

 

Stopping a job that is running ..........................................................................................................................................

158

 

Stop a job that is running .........................................................................................................................................

159

 

View the users that have a BlackBerry Java Application installed on their BlackBerry devices ..........................................

159

 

View how the BlackBerry Administration Service resolved software configuration conflicts for a user account ...................

160

 

Reconciliation rules for conflicting settings in software configurations .............................................................................

161

 

Reconciliation rules: BlackBerry Java Applications ...................................................................................................

162

 

Reconciliation rules: BlackBerry Device Software .....................................................................................................

164

 

Reconciliation rules: Standard application settings ...................................................................................................

165

 

Reconciliation rules: Application control policies ......................................................................................................

166

 

Reconciliation rules: Application control policies for unlisted applications .................................................................

166

13

Alternative methods for installing BlackBerry Java Applications on BlackBerry devices ................

168

 

Installing BlackBerry Java Applications on BlackBerry devices without using the BlackBerry Administration Service ........

168

 

Developing BlackBerry Java Applications for BlackBerry devices .....................................................................................

168

 

Methods you can use to install BlackBerry Java Applications on BlackBerry devices ........................................................

169

 

Installing BlackBerry Java Applications using the BlackBerry Desktop Software ...............................................................

170

 

Prerequisites: Installing BlackBerry Java Applications using the BlackBerry Desktop Software ..................................

170

 

Make the BlackBerry Java Application available to the BlackBerry Desktop Software ................................................

171

 

Install the BlackBerry Java Application using the BlackBerry Desktop Software ........................................................

171

 

Installing BlackBerry Java Applications using the BlackBerry Application Web Loader .....................................................

172

 

Prerequisites: Installing BlackBerry Java Applications using the BlackBerry Application Web Loader ........................

172

 

Enable the BlackBerry Application Web Loader on a web server ...............................................................................

173

 

Install the BlackBerry Java Application using the BlackBerry Application Web Loader ...............................................

174

 

Installing BlackBerry Java Applications using the standalone application loader tool ........................................................

174

 

Prerequisites: Installing BlackBerry Java Applications using the standalone application loader tool ...........................

175

 

Add BlackBerry Java Application files to a shared network folder ..............................................................................

176

 

Share the Research In Motion folder that contains the BlackBerry Java Application ..................................................

176

 

Configure the standalone application loader tool to install the BlackBerry Java Application in automated mode .........

177

 

Install the BlackBerry Java Application using the standalone application loader tool .................................................

177

 

Installing BlackBerry Java Applications using a web browser on BlackBerry devices ........................................................

178

 

Prerequisites: Installing BlackBerry Java Applications using a web browser on BlackBerry devices ............................

178

 

Install the BlackBerry Java Application on a web server ............................................................................................

179

 

Install the BlackBerry Java Application using a web browser on the BlackBerry device ..............................................

179

14

Configuring how users access enterprise applications and web content .......................................

180

 

Specifying a BlackBerry MDS Connection Service as a central push server ......................................................................

180

 

Specify a BlackBerry MDS Connection Service as a central push server ....................................................................

181

 

Configuring how BlackBerry devices authenticate to content servers ...............................................................................

181

 

Configure how BlackBerry devices authenticate to content servers ...........................................................................

181

 

Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that use

 

 

NTLM ......................................................................................................................................................................

182

 

Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that use

 

 

Kerberos .................................................................................................................................................................

183

 

Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that use

 

 

LTPA .......................................................................................................................................................................

183

 

Configuring the BlackBerry MDS Connection Service to authenticate devices to the RSA Authentication Manager .....

184

 

Configuring how the BlackBerry MDS Connection Service manages requests for web content ..........................................

186

 

Configure the BlackBerry MDS Connection Service to manage HTTP cookie storage .................................................

186

 

Configure the timeout limit for HTTP connections with BlackBerry devices ...............................................................

187

 

Configure the timeout limit for HTTP connections with web servers ...........................................................................

187

 

Configure the maximum number of times that the BlackBerry Browser accepts HTTP redirections ............................

188

 

Permitting push applications to make trusted connections to a BlackBerry MDS Connection Service ...............................

188

 

Create a key store to store certificates for use with HTTPS connections .....................................................................

189

 

Add a certificate for the BlackBerry MDS Connection Service ...................................................................................

189

 

Export the BlackBerry MDS Connection Service certificate to make it available to push applications .........................

190

 

Import the BlackBerry MDS Connection Service certificate to the key store of a push application ..............................

190

 

Permit push applications to select the transport protocol for PAP requests ......................................................................

191

 

Configuring a BlackBerry MDS Connection Service to trust web servers ...........................................................................

191

 

Specify whether the BlackBerry MDS Connection Service requires trusted HTTPS connections from web servers ......

192

 

Specify whether the BlackBerry MDS Connection Service requires trusted TLS connections from web servers ...........

192

 

Configuring certificate server information for the BlackBerry MDS Connection Service ..............................................

193

 

Add a retrieved certificate for a web server to the key store .......................................................................................

200

 

Permitting users to access intranet sites on BlackBerry devices using global login information .........................................

200

 

Configure global login information for intranet site access .........................................................................................

201

 

Configuring how the BlackBerry MDS Connection Service connects to BlackBerry devices ..............................................

201

 

Specify the maximum amount of data that a BlackBerry MDS Connection Service can send to BlackBerry devices ....

201

 

Specify the pending content timeout limit for a BlackBerry MDS Connection Service .................................................

202

 

Permit Java applications to use scalable socket connections with a BlackBerry MDS Connection Service ..................

202

 

Specify the thread pool size of a BlackBerry MDS Connection Service .......................................................................

202

 

Specify the maximum number of scalable socket connections ..................................................................................

203

 

Prevent the BlackBerry MDS Connection Service from using scalable HTTP .............................................................

203

 

Specify the port number that the web server listens on for push application requests ................................................

204

 

Specify how often a BlackBerry MDS Connection Service polls for configuration information .....................................

205

15

Setting up the messaging environment ........................................................................................

206

 

Creating email message filters ........................................................................................................................................

206

 

Create an email message filter that applies to all user accounts on a BlackBerry Enterprise Server ............................

206

 

Turn on an email message filter that applies to all user accounts on a BlackBerry Enterprise Server ..........................

207

 

Create an email message filter that applies to a specific user account .......................................................................

207

 

Turn on an email message filter that applies to a specific user account .....................................................................

208

 

Copying existing email message filters to another BlackBerry Enterprise Server ...............................................................

209

 

Export email message filters for a BlackBerry Enterprise Server ................................................................................

209

 

Import email message filters for a BlackBerry Enterprise Server ................................................................................

209

 

Copying existing email message filters to user accounts ..................................................................................................

210

 

Export email message filters for a user account ........................................................................................................

210

 

Import email message filters for a user account ........................................................................................................

210

 

Extension plug-ins for processing messages ....................................................................................................................

211

 

Install an extension plug-in application .....................................................................................................................

211

 

Add an extension plug-in to a BlackBerry Messaging Agent ......................................................................................

212

 

Change how a BlackBerry Messaging Agent uses extension plug-ins .........................................................................

213

 

Mapping contact information fields for synchronization and contact lookups ...................................................................

214

 

Map a contact information field in an email application to contact list fields on BlackBerry devices ...........................

214

 

Map a contact list field in an email application to a contact list field on a BlackBerry device ......................................

214

 

Map a contact information field in an email application to contact list fields on BlackBerry devices ...........................

215

 

Map a contact list field in an email application to a contact list field on a BlackBerry device ......................................

215

16

Configuring BlackBerry devices to enroll certificates over the wireless network .............................

217

 

Configure the certificate information using IT policies ......................................................................................................

217

 

Configure the BlackBerry MDS Connection Service to connect to the certificate authority ................................................

218

 

Add communication information to a BlackBerry MDS Connection Service configuration set .....................................

219

 

Assign a BlackBerry MDS Connection Service configuration set to a BlackBerry MDS Connection Service instance ...

220

 

Add certificate information to a Wi-Fi profile ....................................................................................................................

221

 

Managing an enrolled certificate .....................................................................................................................................

221

 

Change the polling interval, logging, and pool size for the BlackBerry MDS Connection Service connection to the

 

 

certificate authority ........................................................................................................................................................

222

 

Properties in the rimpublic.properties file .................................................................................................................

223

17

Making the BlackBerry Web Desktop Manager available to users .................................................

224

 

Installing the client components of the BlackBerry Web Desktop Manager on users' computers .......................................

224

 

Publish the client files for the BlackBerry Web Desktop Manager in a Windows GPO for Windows XP ................................

225

 

Publish the client files for the BlackBerry Web Desktop Manager in a Windows GPO for Windows Vista .............................

226

 

Configure the Microsoft ActiveX Installer on Windows Vista .......................................................................................

227

 

Configure users' computers to install the client file for the BlackBerry Web Desktop Manager automatically ....................

227

 

Make the BlackBerry Web Desktop Manager available to users .......................................................................................

229

18

Configuring the BlackBerry Web Desktop Manager ......................................................................

230

 

Permit users to perform administrative tasks using the BlackBerry Web Desktop Manager ...............................................

230

 

Permit users to activate devices using the BlackBerry Web Desktop Manager ..................................................................

231

 

Permit users to back up and restore data using the BlackBerry Web Desktop Manager ....................................................

231

 

Configure the domains for backing up data using the BlackBerry Web Desktop Manager .................................................

232

 

Change the text colors in the BlackBerry Web Desktop Manager .....................................................................................

232

 

BlackBerry Web Desktop Manager text colors ..........................................................................................................

233

 

Display a custom image in the BlackBerry Web Desktop Manager ...................................................................................

234

 

Display the domain name on the login page of the BlackBerry Web Desktop Manager ......................................................

234

19

Creating and configuring Wi-Fi profiles and VPN profiles ..............................................................

235

 

Creating and configuring Wi-Fi profiles ............................................................................................................................

235

 

Prerequisites: Creating Wi-Fi profiles and VPN profiles .............................................................................................

235

 

Create a Wi-Fi profile ...............................................................................................................................................

237

 

Create a Wi-Fi profile based on an existing Wi-Fi profile ............................................................................................

237

 

Configure a Wi-Fi profile on a BlackBerry device .......................................................................................................

238

 

Assign a Wi-Fi profile to a group ...............................................................................................................................

238

 

Assign a Wi-Fi profile to a user account ....................................................................................................................

238

 

Configure a Wi-Fi profile ...........................................................................................................................................

239

 

Creating and configuring VPN profiles .............................................................................................................................

239

 

Create a VPN profile ................................................................................................................................................

240

 

Create a VPN profile based on an existing VPN profile ...............................................................................................

240

 

Configure a VPN profile ............................................................................................................................................

240

 

Assign a VPN profile to a group ................................................................................................................................

241

 

Assign a VPN profile to a user account .....................................................................................................................

241

 

Associate a VPN profile with a Wi-Fi profile ...............................................................................................................

242

 

Delete a Wi-Fi profile ......................................................................................................................................................

242

 

Delete a VPN profile .......................................................................................................................................................

243

 

Importing profile information from a .csv file ....................................................................................................................

243

 

Best practices: Creating a .csv file that contains profile information that you want to import ......................................

243

 

Create a .csv file that contains profile information that you want to import .................................................................

244

 

Import profile information from a .csv file ..................................................................................................................

246

20

Configuring encryption and authentication methods for Wi-Fi enabled BlackBerry devices ...........

247

 

Configuring WEP encryption ...........................................................................................................................................

247

 

Configure WEP keys for BlackBerry devices using a Wi-Fi profile ...............................................................................

247

 

Configuring PSK encryption ............................................................................................................................................

248

 

Configure PSK encryption data for BlackBerry devices using a Wi-Fi profile ...............................................................

249

 

Configuring LEAP authentication ....................................................................................................................................

249

 

Configure LEAP authentication data for BlackBerry devices using a Wi-Fi profile .......................................................

250

 

Configuring PEAP authentication ....................................................................................................................................

250

 

Configure PEAP authentication data for BlackBerry devices using a Wi-Fi profile .......................................................

251

 

Prerequisites: Distributing a certificate using the BlackBerry Desktop Manager ........................................................

252

 

Distribute a certificate using the BlackBerry Desktop Manager .................................................................................

252

 

Configure PEAP configuration settings in the Wi-Fi profile on a BlackBerry device .....................................................

253

 

Configuring EAP-TLS authentication ...............................................................................................................................

254

 

Configure EAP-TLS authentication data for BlackBerry devices using a Wi-Fi profile ..................................................

255

 

Configure EAP-TLS configuration settings in the Wi-Fi profile on a BlackBerry device ................................................

256

 

Configuring EAP-TTLS authentication .............................................................................................................................

256

 

Configure EAP-TTLS authentication data for BlackBerry devices using a Wi-Fi profile ................................................

257

 

Configure EAP-TTLS configuration settings in the Wi-Fi profile on a BlackBerry device ..............................................

258

 

Configuring EAP-FAST authentication .............................................................................................................................

259

 

Configure EAP-FAST authentication .........................................................................................................................

259

 

Send EAP-FAST authentication data to a BlackBerry device using a Wi-Fi profile ......................................................

260

 

Configure EAP-FAST configuration settings in the Wi-Fi profile on BlackBerry devices ...............................................

261

21

Configuring software tokens for BlackBerry devices .....................................................................

262

 

Prerequisites: Configuring BlackBerry devices for RSA authentication .............................................................................

262

 

Configure BlackBerry devices for RSA authentication ......................................................................................................

263

 

Configure RSA authentication over a Wi-Fi network using a software token ......................................................................

264

 

Configure RSA authentication over a VPN network using a software token .......................................................................

264

 

Assign software tokens to a user account ........................................................................................................................

265

22

Changing the security settings of the BlackBerry Administration Service and BlackBerry Web

 

 

Desktop Manager ........................................................................................................................

266

 

Import a new SSL certificate for the BlackBerry Administration Service and BlackBerry Web Desktop Manager ................

266

 

Configuring Microsoft Active Directory authentication in an environment that includes a resource forest ..........................

267

 

Change the information for Microsoft Active Directory authentication .......................................................................

268

 

Configuring single sign-on authentication for the BlackBerry Administration Service and BlackBerry Web Desktop

 

 

Manager ........................................................................................................................................................................

269

 

Configure constrained delegation for the Microsoft Active Directory account to support single sign-on

 

 

authentication .........................................................................................................................................................

270

 

Turn on single sign-on authentication for the BlackBerry Administration Service .......................................................

270

 

BlackBerry Administration Service web addresses and BlackBerry Web Desktop Manager web addresses that

 

 

support BlackBerry Administration Service single sign-on .........................................................................................

271

 

Changing password settings for BlackBerry Administration Service authentication ..........................................................

272

 

Change password settings for BlackBerry Administration Service authentication ......................................................

272

 

Regenerate the system credentials for the BlackBerry Administration Service .................................................................

273

23

Protecting and redistributing devices ...........................................................................................

274

 

Preparing a device for redistribution to a new user ..........................................................................................................

274

 

Use the BlackBerry Administration Service to delete user data and assign the device to a new user ...........................

274

 

Use the BlackBerry Administration Service to delete device data and disable the device before assigning the

 

 

device to a new user ................................................................................................................................................

275

 

Deleting only work data from a device .............................................................................................................................

275

 

Delete only work data from a device .........................................................................................................................

277

 

Using IT administration commands to protect a lost or stolen device ...............................................................................

278

 

Protect a stolen device .............................................................................................................................................

279

 

Protect a lost device ................................................................................................................................................

279

 

Protect a lost device that a user might not recover ....................................................................................................

280

24

Managing administrator accounts ...............................................................................................

282

 

Change role permissions ................................................................................................................................................

282

 

Change the roles for an administrator account ................................................................................................................

282

 

Delete a role ...................................................................................................................................................................

283

 

Delete an administrator account .....................................................................................................................................

283

25

Managing groups and user accounts ...........................................................................................

285

 

Managing groups ............................................................................................................................................................

285

 

Using default groups to manage user accounts and administrator accounts ..............................................................

285

 

Remove a user account from a group .......................................................................................................................

286

 

Change the properties of a group .............................................................................................................................

287

 

Rename a group ......................................................................................................................................................

287

 

Delete a group .........................................................................................................................................................

287

 

Managing user accounts .................................................................................................................................................

288

 

Move a user account to a different group ..................................................................................................................

288

 

Move a user account from one BlackBerry Enterprise Server to another ....................................................................

289

 

Delete a user account from the BlackBerry Enterprise Server ...................................................................................

289

 

Update a user account manually ..............................................................................................................................

290

 

Add an administrator role to a user account .............................................................................................................

290

 

Update the contact list manually ..............................................................................................................................

290

 

Resend service books to a BlackBerry device ...........................................................................................................

291

26

Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device

 

 

settings to BlackBerry devices .....................................................................................................

292

 

Managing the default distribution settings for jobs ...........................................................................................................

292

 

Change default settings for a job schedule ...............................................................................................................

292

 

Change how IT policies are sent to BlackBerry devices .............................................................................................

293

 

Change how to install, update, or remove BlackBerry Java Applications ....................................................................

294

 

Change how to install or update the BlackBerry Device Software ..............................................................................

296

 

Change how the BlackBerry Enterprise Server sends standard application settings to BlackBerry devices .................

297

 

Managing the distribution settings for a specific job ........................................................................................................

298

 

Specify the start time and priority for a job ................................................................................................................

299

 

Change how a job sends IT policies to BlackBerry devices ........................................................................................

299

 

Change how a job sends BlackBerry Java Applications to BlackBerry devices ...........................................................

300

 

Change how a job sends the BlackBerry Device Software to BlackBerry devices ........................................................

302

 

Change how a job sends standard application settings to BlackBerry devices ...........................................................

303

 

Managing BlackBerry Java Applications on BlackBerry devices .......................................................................................

304

 

Make a BlackBerry Java Application unavailable for installation ................................................................................

304

 

Remove a BlackBerry Java Application from BlackBerry devices over the wireless network .......................................

305

 

Managing software configurations ..................................................................................................................................

306

 

Remove a software configuration from a group .........................................................................................................

306

 

Remove a software configuration from multiple user accounts ..................................................................................

306

 

Remove a software configuration from a user account ..............................................................................................

307

 

Delete a software configuration ................................................................................................................................

307

27

Managing how users access enterprise applications and web content ..........................................

308

 

Restricting user access to content on web servers ...........................................................................................................

308

 

Restrict requests for content on web servers from BlackBerry devices ......................................................................

308

 

Specify web address patterns ..................................................................................................................................

309

 

Create a pull rule .....................................................................................................................................................

309

 

Restrict or permit web addresses and Intranet addresses using a pull rule ................................................................

310

 

Assign a pull rule to the members of a group ............................................................................................................

311

 

Assign a pull rule to user accounts ...........................................................................................................................

311

 

Restricting user access to media content in the BlackBerry Browser ...............................................................................

312

 

Prevent users from accessing specific media types ..................................................................................................

312

 

Configure download limits for media content types ...................................................................................................

312

 

Default download limits for media content types .......................................................................................................

313

 

Configuring Integrated Windows authentication so that users can access resources on your organization's network .........

314

 

Configuring the Microsoft Active Directory account to delegate access .....................................................................

315

 

Configuring the BlackBerry MDS Connection Service when the messaging server is located in a remote Microsoft

 

 

Active Directory domain ...........................................................................................................................................

317

 

Turn on Integrated Windows authentication so that users can access resources on your organization's network ........

318

 

Restricting the push application content that users can receive .......................................................................................

320

 

Restrict push applications from sending data to BlackBerry devices .........................................................................

320

 

Create push initiators for push applications ..............................................................................................................

320

 

Turn on push authorization ......................................................................................................................................

321

 

Create a push rule ...................................................................................................................................................

322

 

Assign push initiators to a push rule .........................................................................................................................

322

 

Assign a push rule to the members of a group ...........................................................................................................

323

 

Assign a push rule to user accounts .........................................................................................................................

323

 

Encrypt push requests that push applications send to BlackBerry devices ................................................................

324

 

Managing push application requests ...............................................................................................................................

324

 

Specify device ports for application-reliable push requests .......................................................................................

324

 

Store push application requests in the BlackBerry Configuration Database ...............................................................

325

 

Configure the settings for storing push requests in the BlackBerry Configuration Database .......................................

326

 

Configure the maximum number of active connections that a BlackBerry MDS Connection Service can process ........

326

 

Configure the maximum number of queued connections that a BlackBerry MDS Connection Service can process .....

327

28

Managing organizer data synchronization ....................................................................................

328

 

Managing the wireless backup and recovery of organizer data .........................................................................................

328

 

Turn off the wireless backup of organizer data for a user account ..............................................................................

328

 

Delete organizer data for members of a user group from the BlackBerry Enterprise Server ........................................

329

 

Delete a user's organizer data from a BlackBerry Enterprise Server ..........................................................................

329

 

Turning off organizer data synchronization ......................................................................................................................

329

 

Turn off organizer data synchronization for all user accounts that are associated with a BlackBerry Enterprise

 

 

Server .....................................................................................................................................................................

330

 

Turn off organizer data synchronization for a specific user account ...........................................................................

330

 

Changing how organizer data synchronizes .....................................................................................................................

331

 

Change the direction of organizer data synchronization for all user accounts on a BlackBerry Enterprise Server ........

331

 

Change the direction of organizer data synchronization for a specific user account ...................................................

331

 

Change how the BlackBerry Administration Service resolves conflicts during organizer data synchronization for all

 

 

user accounts on a BlackBerry Enterprise Server ......................................................................................................

332

 

Change how the BlackBerry Administration Service resolves conflicts during organizer data synchronization for a

 

 

specific user account ...............................................................................................................................................

332

 

Synchronizing contact pictures .......................................................................................................................................

333

 

Turn off synchronization of contact pictures for a user account .................................................................................

333

29

Managing your organization's messaging environment and attachment support ...........................

335

Managing message forwarding .......................................................................................................................................

335

Forward email messages to a BlackBerry device when no filter rules apply ................................................................

335

Do not deliver email messages to a BlackBerry device when no filter rules apply .......................................................

336

Forward email messages from inbox subfolders to a BlackBerry device .....................................................................

336

Turn off email message forwarding to user accounts in a group .................................................................................

337

Turn off email message forwarding to a user account ................................................................................................

337

Turn off synchronization for email messages sent from a BlackBerry device ..............................................................

338

Turn off email message forwarding when a user connects a BlackBerry device to a computer ...................................

338

Managing the incoming message queue .........................................................................................................................

339

Delete email messages for user accounts from the incoming message queue ...........................................................

339

Managing wireless message reconciliation ......................................................................................................................

340

Turn off wireless message reconciliation for a BlackBerry Enterprise Server ..............................................................

340

Turn on reconciliation for email messages that are hard deleted ...............................................................................

340

Managing access to remote message data ......................................................................................................................

341

Prevent a user from checking the availability of meeting participants on the BlackBerry device .................................

341

Prevent a user from searching for remote email messages using a device .................................................................

342

Managing email messages that contain HTML and rich content ......................................................................................

343

View whether a user turned on support for email messages that contain HTML and rich content for a BlackBerry

 

device .....................................................................................................................................................................

343

Turn off support for rich text formatting and inline images in email messages for users on a BlackBerry Enterprise

 

Server .....................................................................................................................................................................

344

Turn off support for rich text formatting and inline images in email messages using an IT policy rule ..........................

345

Synchronizing folders on the BlackBerry device ..............................................................................................................

346

Control which published public contact folders a user can synchronize to a BlackBerry device ..................................

346

Control which personal contact subfolders a user can synchronize to a BlackBerry device ........................................

346

Control which personal mail folders a user can synchronize with a BlackBerry device ................................................

347

Configuring access to documents on remote file systems ................................................................................................

348

Configure the BlackBerry MDS Connection Service to communicate with a remote file system ..................................

348

Add communication information to a BlackBerry MDS Connection Service configuration set .....................................

349

Assign a BlackBerry MDS Connection Service configuration set to a BlackBerry MDS Connection Service instance ...

350

Managing signatures and disclaimers in email messages ................................................................................................

351

Add a signature to email messages that a user sends from a BlackBerry device ........................................................

351

Add a disclaimer to email messages that users send from BlackBerry devices ..........................................................

352

Add a disclaimer to email messages that a user sends from a BlackBerry device .......................................................

352

Specify conflict rules for disclaimers ........................................................................................................................

353

Turn off disclaimers for email messages ...................................................................................................................

353

Monitor email messages that users send from BlackBerry devices ...................................................................................

354

Sending notification messages to users ...........................................................................................................................

354

Send a notification message to all users in a BlackBerry Domain ..............................................................................

355

Send a notification message to all users on a BlackBerry Enterprise Server ...............................................................

355

Send a notification message to group members ........................................................................................................

355

Send a notification message to a user .......................................................................................................................

356

Change the size of the message state database ...............................................................................................................

356

How the BlackBerry Attachment Connector communicates with BlackBerry Attachment Service instances .....................

357

 

Change how a BlackBerry Attachment Connector retries sending requests to a BlackBerry Attachment Service ........

357

 

Change how a BlackBerry Attachment Connector restores a lost connection to a BlackBerry Attachment Service .....

358

 

Attachment file formats that the BlackBerry Attachment Service supports ......................................................................

359

 

Limitations for supported attachment file formats .....................................................................................................

359

 

Changing how a BlackBerry Attachment Service converts attachments ...........................................................................

361

 

Change how a BlackBerry Attachment Service converts attachments .......................................................................

361

 

Change the maximum file size for attachments that users can receive ......................................................................

363

 

Turn off support for an attachment file format for a BlackBerry Attachment Service .........................................................

364

 

Add support for an additional attachment file format to a BlackBerry Attachment Service ................................................

365

 

Changing how the BlackBerry Messaging Agent reconciles attachments to the messaging server ....................................

366

 

Change the maximum file size for attachments that users can send ..........................................................................

366

 

Prevent users from sending large attachments .........................................................................................................

367

 

Change the maximum file size of attachments that users can download ....................................................................

367

30

Managing calendars ....................................................................................................................

369

 

Configuring the BlackBerry Enterprise Server to use Microsoft Exchange Web Services or MAPI and CDO libraries ...........

369

 

Prerequisites: Configuring the BlackBerry Enterprise Server to use Microsoft Exchange Web Services .......................

369

 

Turn off client throttling in Microsoft Exchange 2010 ................................................................................................

370

 

Configure the BlackBerry Enterprise Server to use Microsoft Exchange Web Services ................................................

370

 

Configure the BlackBerry Enterprise Server to use MAPI and CDO libraries ...............................................................

371

 

Configure the BlackBerry Messaging Agent instances to use a web address for a specific Microsoft Autodiscover

 

 

service ....................................................................................................................................................................

372

 

Configure the BlackBerry Messaging Agent instances to use a specific web address for a client access server for

 

 

Microsoft Exchange .................................................................................................................................................

373

 

Configuring the BlackBerry Messaging Agent instances to look up the user's status using only Microsoft Exchange

 

 

Web Services ...........................................................................................................................................................

374

 

Correcting calendar synchronization errors on devices ....................................................................................................

375

 

Configuration levels using the BlackBerry Enterprise Trait Tool .................................................................................

375

 

Turn off corrective calendar synchronization ............................................................................................................

376

 

View the current settings for corrective calendar synchronization .............................................................................

377

 

Turn off automatic error correction in corrective calendar synchronization ................................................................

377

 

Configure the range of days to check for calendar synchronization errors ..................................................................

378

 

Configure when corrective calendar synchronization runs .........................................................................................

379

 

Logging information for corrective calendar synchronization .....................................................................................

380

 

Delete a setting for corrective calendar synchronization ...........................................................................................

381

 

Start corrective calendar synchronization manually for a user account ............................................................................

382

 

Improving the flow of email messages and calendar synchronization when the BlackBerry Enterprise Server runs on

 

 

Windows Server 2008 .....................................................................................................................................................

382

 

Change how the BlackBerry Enterprise Server creates temporary MAPI profiles for the CalHelper application ...........

383

31

Managing instant messaging .......................................................................................................

384

 

Installing a collaboration client on BlackBerry devices .....................................................................................................

384

 

Change the instant messaging server or pool that a BlackBerry Collaboration Service connects to ....................................

385

 

Change the transport protocol for a Microsoft instant messaging environment .................................................................

385

 

Specify the Windows domain name for users who log in to a collaboration client ..............................................................

386

 

Managing instant messaging sessions .............................................................................................................................

387

 

Specify the maximum number of instant messaging sessions that can be open at the same time ...............................

387

 

Specify the inactivity timeout limit for instant messaging sessions .............................................................................

387

 

Managing instant messaging features .............................................................................................................................

388

 

Prevent users from sending specific file types to instant messaging contacts using the BlackBerry Client for IBM

 

 

Lotus Sametime .......................................................................................................................................................

388

 

Specifying the maximum size of file types that users can send using the BlackBerry Client for IBM Lotus Sametime ..

388

 

Prevent users from sending instant messaging conversations in email messages ......................................................

389

 

Prevent users from saving instant messaging conversations .....................................................................................

389

 

Hide the icon that appears on BlackBerry devices for mobile contacts ......................................................................

389

 

Make additional contact information and phone numbers available for the BlackBerry Client for IBM Lotus

 

 

Sametime users .......................................................................................................................................................

390

32

Managing a BlackBerry Domain ..................................................................................................

392

 

Restarting BlackBerry Enterprise Server components .....................................................................................................

392

 

Restart a BlackBerry Enterprise Server component using the BlackBerry Administration Service ..............................

393

 

Restart a BlackBerry Enterprise Server component using Windows Services .............................................................

393

 

Best practice: Restarting more than one BlackBerry Administration Service instance ...............................................

394

 

Using the BlackBerry Enterprise Trait Tool ......................................................................................................................

394

 

Use the BlackBerry Enterprise Trait Tool ..................................................................................................................

394

 

BlackBerry Enterprise Trait Tool traits .............................................................................................................................

395

 

Permit the BlackBerry Messaging Agent to write statistics to Microsoft Exchange mailboxes ............................................

406

 

Managing BlackBerry CAL keys ......................................................................................................................................

407

 

Add or delete a BlackBerry CAL key .........................................................................................................................

407

 

Copy a BlackBerry CAL key to a text file ....................................................................................................................

408

 

Configuring the BlackBerry Mail Store Service instance that updates the contact list .......................................................

408

 

Configure the BlackBerry Mail Store Service instance that updates the contact list ...................................................

409

 

Configuring a Hosted BlackBerry services environment ...................................................................................................

409

 

Configuring Hosted BlackBerry services when you permit your organization’s customers limited access to

 

 

Microsoft Active Directory ........................................................................................................................................

410

 

Configure Hosted BlackBerry services when your organization’s customers have full control of their subtree in

 

 

Microsoft Active Directory ........................................................................................................................................

411

 

Configuring the BlackBerry Enterprise Server to use LDAP to retrieve email addresses and organizer data .......................

412

 

Configure the BlackBerry Enterprise Server to connect to Microsoft Active Directory .................................................

413

 

Configure the BlackBerry Enterprise Server to retrieve email addresses and organizer data using LDAP ....................

414

 

Prevent the BlackBerry Enterprise Server from retrieving contact information for specific users ................................

415

 

Restrict the location in Microsoft Active Directory that the BlackBerry Enterprise Server can retrieve email

 

 

addresses and organizer data from ..........................................................................................................................

416

 

Configuring BlackBerry Policy Service throttling ..............................................................................................................

416

 

View the current settings for BlackBerry Policy Service throttling ..............................................................................

417

 

Configuring BlackBerry Policy Service throttling for IT policies and service books ......................................................

417

 

Configuring BlackBerry Policy Service throttling for PIN encryption keys ...................................................................

419

 

Configuring BlackBerry Policy Service throttling for application polling .....................................................................

419

 

Delete a BlackBerry Policy Service throttling setting .................................................................................................

420

 

Change the port number that BlackBerry Enterprise Server components use to connect to the BlackBerry

 

 

Configuration Database ..................................................................................................................................................

421

 

Change the port number that the syslog tools use to monitor BlackBerry Enterprise Server events ...................................

422

33

BlackBerry Controller and BlackBerry Enterprise Server Component Monitoring ..........................

423

 

How the BlackBerry Controller monitors the BlackBerry Enterprise Server components ...................................................

423

 

Change how the BlackBerry Controller restarts the BlackBerry Messaging Agent ......................................................

423

 

Change how the BlackBerry Controller restarts a BlackBerry Enterprise Server service .............................................

426

 

BlackBerry Enterprise Server Alert Tool ...........................................................................................................................

428

 

Configuring notifications using the BlackBerry Enterprise Server Alert Tool ...............................................................

428

34

BlackBerry Enterprise Server log files ..........................................................................................

431

 

Monitoring PIN messages, SMS text messages, and calls ................................................................................................

431

 

Change the default location for the log files for PIN messages, SMS text messages, and calls ....................................

431

 

Log files for BlackBerry Enterprise Server components ....................................................................................................

433

 

Changing the location where BlackBerry Enterprise Server components save log files ...............................................

433

 

Changing how BlackBerry Enterprise Server components create log files ..................................................................

434

 

Component identifiers for log files ............................................................................................................................

439

 

BlackBerry MDS Connection Service log files ..................................................................................................................

440

 

Changing how the BlackBerry MDS Connection Service creates a log file ..................................................................

440

 

Using BlackBerry MDS Connection Service log files to view information for proxied connections to BlackBerry

 

 

devices ....................................................................................................................................................................

444

 

BlackBerry Collaboration Service log files ........................................................................................................................

445

 

Change which activities the BlackBerry Collaboration Service writes to a log file ........................................................

445

35

BlackBerry Enterprise Solution connection types and port numbers .............................................

447

 

BlackBerry Administration Service connection types and port numbers ...........................................................................

447

 

BlackBerry Attachment Service connection types and port numbers ...............................................................................

449

 

BlackBerry Collaboration Service connection types and port numbers .............................................................................

450

 

BlackBerry Configuration Database connection types and port numbers .........................................................................

452

 

BlackBerry Controller connection types and port numbers ..............................................................................................

453

 

BlackBerry Dispatcher connection types and port numbers ............................................................................................

454

 

BlackBerry Messaging Agent connection types and port numbers ...................................................................................

456

 

BlackBerry MDS Connection Service connection types and port numbers .......................................................................

459

 

BlackBerry Monitoring Service connection types and port numbers .................................................................................

460

 

BlackBerry Policy Service connection types and port numbers ........................................................................................

461

 

BlackBerry Router connection types and port numbers ...................................................................................................

462

 

BlackBerry Synchronization Service connection types and port numbers .........................................................................

464

 

CalHelper connection type and port number ...................................................................................................................

465

 

IBM Lotus Sametime connection type and port number ..................................................................................................

466

 

Microsoft Exchange connection types and port numbers .................................................................................................

466

 

Microsoft Office Live Communications Server 2005 connection types and port numbers ..................................................

467

 

BlackBerry Client for use with Microsoft Office Live Communications Server 2005 connection types and port numbers ....

467

 

Novell GroupWise Messenger connection type and port number .....................................................................................

468

 

SNMP agent connection types and port numbers ............................................................................................................

468

 

Syslog connection type and port number ........................................................................................................................

469

36

Troubleshooting ..........................................................................................................................

470

 

Troubleshooting: Connecting to the BlackBerry Administration Service ...........................................................................

470

 

The web browser displays an HTTP 404 or HTTP 504 error message when it tries to connect to a BlackBerry

 

 

Administration Service instance ...............................................................................................................................

470

 

Troubleshooting: BlackBerry Enterprise Server Performance ...........................................................................................

471

 

A BlackBerry Enterprise Server that you installed remotely from the BlackBerry Configuration Database uses an

 

 

unexpected amount of system resources and increases wireless network traffic .......................................................

471

 

Microsoft SQL Server uses a considerable amount of disk space ...............................................................................

472

 

Troubleshooting: Setting up user accounts ......................................................................................................................

472

 

You cannot create a user account in the BlackBerry Administration Service ..............................................................

472

 

You cannot find a new user account in the directory using the BlackBerry Administration Service .............................

473

 

Troubleshooting: Messaging ...........................................................................................................................................

473

 

Messages are not delivered to BlackBerry devices ....................................................................................................

473

 

Text does not appear correctly in Unicode email messages ......................................................................................

474

 

Troubleshooting: Instant messaging ................................................................................................................................

474

 

Users cannot view phone numbers for contacts in the BlackBerry Client for IBM Lotus Sametime .............................

474

 

A user did not accept a notification about an instant message on a computer and the notification disappeared .........

476

 

A user receives a 301 error when the user logs in to an instant messaging application on a BlackBerry device ...........

476

 

Troubleshooting: BlackBerry Web Desktop Manager .......................................................................................................

477

 

Troubleshooting: Users cannot log in to the BlackBerry Web Desktop Manager .........................................................

477

 

Troubleshooting: Connections to the Wi-Fi network .........................................................................................................

478

 

A BlackBerry device cannot connect to a Wi-Fi network ............................................................................................

478

 

A BlackBerry device cannot open a VPN connection ................................................................................................

487

 

A BlackBerry device cannot connect to the mobile network using UMA or GAN .........................................................

488

 

Verify whether a BlackBerry device can resolve an IP address ...................................................................................

489

 

Look up a computer name to resolve an IP address ..................................................................................................

489

 

Troubleshooting: BlackBerry Administration Service pools ..............................................................................................

490

 

BlackBerry Administration Service instances located in different network segments are not connecting to each

 

 

other .......................................................................................................................................................................

490

 

Troubleshooting: BlackBerry Monitoring Service connections ..........................................................................................

491

 

A user cannot log in to the BlackBerry Monitoring Service .........................................................................................

491

 

Troubleshooting: IT policies ............................................................................................................................................

492

 

I cannot find an IT policy rule in the BlackBerry Administration Service .....................................................................

492

37

Glossary ......................................................................................................................................

493

38

Legal notice ................................................................................................................................

498

Administration Guide

Overview: BlackBerry Enterprise Server

Overview: BlackBerry

 

1

Enterprise Server

 

 

The BlackBerry Enterprise Server is designed to be a secure, centralized link between an organization's wireless network, communications software, applications, and BlackBerry smartphones. The BlackBerry Enterprise Server integrates with your organization's existing infrastructure to provide smartphone users with mobile access to your organization's resources.

You can manage the BlackBerry Enterprise Server, smartphones, and user accounts using the BlackBerry Administration Service. You can access the BlackBerry Administration Service web application from any computer that can access the computer that hosts the BlackBerry Administration Service.

You can optionally install BlackBerry Mobile Fusion Studio in your organization's environment to provide a simplified administrative console for your organization's helpdesk administrators and an integrated view of the BlackBerry Enterprise Server and other MDM domains. For more information, visit http://www.blackberry.com/go/serverdocs to see the

BlackBerry Mobile Fusion Studio Feature and Technical Overview.

Document revision history

Date

Description

 

 

17 September 2012

Updated the following topics:

 

• Create an administrator account

 

• Permit users to perform administrative tasks using the BlackBerry Web

 

Desktop Manager

 

• Add a retrieved certificate for a web server to the key store

 

• Changing password settings for BlackBerry Administration Service

 

authentication

 

• Permit a BlackBerry Enterprise Server to connect to a remote BlackBerry

 

Router

 

• Use the BlackBerry Administration Service to delete device data and disable

 

the device before assigning the device to a new user

 

 

21

Administration Guide Overview: BlackBerry Enterprise Server

Date

Description

 

 

14 September 2011

Updated the following topics:

 

• Import IT policy data

 

• Reconciliation rules for conflicting IT policies when you apply multiple IT

 

policies to a user account

 

• Reconciliation rules for conflicting IT policies when you apply one IT policy to

 

the user account

 

• Troubleshooting: IT policies

 

• Mapping contact information fields for synchronization and contact lookups

 

• Map a contact information field in an email application to a contact list field

 

on BlackBerry devices

 

• Permit users to create activation passwords using the BlackBerry Web

 

Desktop Manager

 

 

3 August 2011

Added the following topic:

 

• Import IT policy rules from an IT policy pack

 

 

14 June 2011

Updated the following topics:

 

• Configuring a new mirror BlackBerry Configuration Database

 

• Configure the certificate information using IT policies

 

 

07 March 2011

Initial version

 

 

Getting started in your BlackBerry Enterprise Server environment

The following table lists the tasks that administrators typically perform after installing a BlackBerry Enterprise Server, and the chapter or section in the BlackBerry Enterprise Server Administration Guide that contains the information required to complete the task. Some of the tasks might not be required in your organization's environment.

Task

Chapter

 

 

Create administrator accounts.

Creating administrator accounts

 

 

22

Administration Guide Overview: BlackBerry Enterprise Server

Task

Chapter

 

 

Review the default IT policies. If necessary, change existing

Configuring security options

IT policies or create new IT policies.

• Section: Using an IT policy to manage BlackBerry

 

 

Enterprise Solution security

 

 

Add user accounts to the BlackBerry Enterprise Server.

Configuring user accounts

 

• Section: Adding a user account to the BlackBerry

 

Enterprise Server

 

 

Create groups.

Configuring user accounts

 

• Section: Creating groups

 

 

Add user accounts to groups.

Configuring user accounts

 

• Section: Add a user account to a group

 

 

Review the default distribution settings for IT policies. If

Managing the delivery of BlackBerry Java Applications,

necessary, change the default distribution settings.

BlackBerry Device Software, and device settings to

 

BlackBerry devices

 

• Section: Change how IT policies are sent to BlackBerry

 

devices

 

 

Assign IT policies to groups or user accounts.

Setting up security options

 

• Section: Assign an IT policy to a group

 

• Section: Assign an IT policy to a user account

 

 

Assign BlackBerry devices to user accounts.

Assigning BlackBerry devices to users

 

 

If necessary, change the default messaging settings for your

Setting up the messaging environment

organization's environment.

Managing your messaging environment and attachment

 

 

support

 

 

Prepare to distribute BlackBerry Java Applications.

Sending software and BlackBerry Java Applications to

 

BlackBerry devices

 

• Section: Preparing to distribute BlackBerry Java

 

Applications

 

 

Review the default distribution settings for BlackBerry Java

Managing the delivery of BlackBerry Java Applications,

Applications. If necessary, change the default distribution

BlackBerry Device Software, and device settings to

settings.

BlackBerry devices

 

 

23

Administration Guide Overview: BlackBerry Enterprise Server

Task

Chapter

 

 

 

• Section: Change how to install, update, or remove

 

BlackBerry Java Applications on BlackBerry devices

 

 

Review the default application control policies and

Sending software and BlackBerry Java Applications to

application control policies for unlisted applications. If

BlackBerry devices

necessary, change the existing application control policies.

• Section: Configuring application control policies

 

 

• Section: Application control policies for unlisted

 

applications

 

 

Create software configurations for BlackBerry Java

Sending software and BlackBerry Java Applications to

Applications.

BlackBerry devices

 

• Section: Creating software configurations

 

 

Assign software configurations for BlackBerry Java

Sending software and BlackBerry Java Applications to

Applications to groups, multiple user accounts, or individual

BlackBerry devices

user accounts.

• Section: Assign a software configuration to a group

 

 

• Section: Assign a software configuration to multiple user

 

accounts

 

• Section: Assign a software configuration to a user

 

account

 

 

Configure BlackBerry Enterprise Server high availability.

Configuring BlackBerry Enterprise Server high availability

 

 

Optional tasks

 

 

 

Task

Chapter

 

 

Update BlackBerry Device Software on BlackBerry devices.

Visit www.blackberry.com/go/serverdocs to see the

 

BlackBerry Device Software Update Guide.

 

 

Make the BlackBerry Web Desktop Manager available to

Making the BlackBerry Web Desktop Manager available to

users and configure the BlackBerry Web Desktop Manager.

users

 

Configuring the BlackBerry Web Desktop Manager

 

 

Change the default settings for your instant messaging

Managing instant messaging

environment.

 

 

 

Create and configure Wi-Fi and VPN profiles.

Creating and configuring Wi-Fi profiles and VPN profiles

 

 

Configure BlackBerry devices to enroll certificates.

Configuring BlackBerry devices to enroll certificates

 

 

24

Administration Guide Overview: BlackBerry Enterprise Server

Task

Chapter

 

 

Configure high availability for BlackBerry Enterprise Server

Configuring BlackBerry Enterprise Server high availability

components and for the BlackBerry Configuration

Configuring BlackBerry Configuration Database high

Database.

availability

 

 

 

Use the BlackBerry Monitoring Service to troubleshoot

Visit www.blackberry.com/go/serverdocs to see the

issues and monitor the health of a BlackBerry Enterprise

BlackBerry Enterprise Server Monitoring Guide.

Server.

 

 

 

Change how the BlackBerry Enterprise Server creates log

BlackBerry Enterprise Server log files

files.

 

 

 

25

Administration Guide

Log in to the BlackBerry Administration Service for the first time

Log in to the BlackBerry

 

2

Administration Service for the

 

 

first time

 

To open the BlackBerry Administration Service, you can use a browser on any computer that has access to the computer that hosts the BlackBerry Administration Service.

Before you begin: To manage a BlackBerry device using the BlackBerry Administration Service while the BlackBerry device is connected to the computer, the browser must permit Microsoft ActiveX controls.

1.In the browser, type https://<server_name>/webconsole/app, where <server_name> is the name of the computer that hosts the BlackBerry Administration Service.

2.In the User name field, type admin.

3.In the Password field, type the password that you created during the installation process.

4.In the Log in using drop-down list, click BlackBerry Administration Service or Active Directory Authentication.

5.Click Log in.

Related information

Best practice: Running the BlackBerry Enterprise Server, 71

The web browser displays an HTTP 404 or HTTP 504 error message when it tries to connect to a BlackBerry Administration Service instance, 470

There is a problem with this website's security certificate

Description

The browser displays this error message when you try to navigate to the BlackBerry Administration Service using Windows Internet Explorer version 7 or later.

26

Administration Guide

Log in to the BlackBerry Administration Service for the first time

Possible solution

Add the web address for the BlackBerry Administration Service to the list of trusted web sites in Windows Internet Explorer, and install the certificate for the BlackBerry Administration Service in the certificate store of your computer.

1.In Windows Internet Explorer, navigate to the BlackBerry Administration Service console.

2.Click Continue to this website (not recommended).

3.On the Tools menu, click Internet Options.

4.On the Security tab, click Local Intranet.

5.Click Sites.

6.Click Add to add the console to the list of trusted web sites.

7.Click Close.

8.Click OK.

9.In the browser window, on the toolbar, click Certificate Error.

10.Click View certificates.

11.Click Install certificate. The Certificate Import Wizard opens.

12.Complete the instructions in the Certificate Import Wizard. If you are trying to log in to the BlackBerry Administration Service using a computer that runs Windows Vista, perform the following actions in the Certificate Import Wizard.

a In the Certificate Store dialog box, click Place all certificates in the following store. b Click Browse.

c Click Trusted Root Certification Authorities. d Click OK.

13.Close and reopen the browser.

This connection is untrusted

Description

The browser displays this error message when you try to navigate to the BlackBerry Administration Service or BlackBerry Monitoring Service using Mozilla Firefox 3.6.

Possible solution

Install the certificate for the BlackBerry Administration Service or BlackBerry Monitoring Service in the certificate store of your computer.

1. In Firefox, navigate to the BlackBerry Administration Service console or BlackBerry Monitoring Service console.

27

Administration Guide

Log in to the BlackBerry Administration Service for the first time

2.Click I Understand the Risks.

3.Click Add Exception.

4.Click Confirm Security Exception.

5.Close and reopen the browser.

28

Administration Guide

Creating administrator accounts

Creating administrator

 

3

accounts

 

 

Administrative roles and permissions

You create roles for administrator accounts or assign preconfigured roles to administrator accounts so that you can specify what tasks an administrator can perform on the BlackBerry Enterprise Server.

You can specify the actions that administrators can perform by changing the permission that you assign to administrative roles. Permissions specify the information that administrators can view and the tasks that they can perform using the BlackBerry Administration Service and BlackBerry Monitoring Service. Each action that you perform in the BlackBerry Administration Service is associated with a specific permission. You can specify the actions that administrators can perform by changing the permission that you assign to administrative roles. For more information about performing specific tasks that are associated with the permissions, see the BlackBerry Enterprise Server Administration Guide. Roles do not apply to tasks that an administrator can perform using the BlackBerry Configuration Panel.

You can assign multiple roles to administrator accounts. If you assign multiple roles to an administrator account, the administrator is assigned all the permissions that are turned on for each of the roles.

You can also assign roles to groups and add administrator accounts to groups. This allows you to specify administrative role permissions at a group level instead of at an individual level. If the group contains BlackBerry device users, the roles are also assigned to the users and the users become administrators.

Preconfigured administrative roles

The BlackBerry Enterprise Server installation process includes preconfigured administrative roles. You can use the preconfigured administrative roles in your organization's environment instead of creating customize administrative roles. Each preconfigured administrative role contains multiple permissions that are turned on. The preconfigured administrative roles make sure that users that do not have specific administrative permissions cannot escalate their permissions. For example, junior helpdesk administrators cannot escalate their roles to senior helpdesk administrator roles. You can configure additional permissions in the preconfigured administrative roles or turn off any of the permissions.

29

Administration Guide Creating administrator accounts

 

 

Enterprise

Senior

Junior

Server only

User only

Permission name

Security role

Helpdesk

Helpdesk

role

role

role

 

 

role

role

 

 

 

 

 

 

 

 

 

 

 

 

Create a group

X

X

X

 

 

X

 

 

 

 

 

 

 

Delete a group

X

X

 

 

 

X

 

 

 

 

 

 

 

View a group (across Group)

X

X

X

X

 

X

 

 

 

 

 

 

 

Edit a group (across Group)

X

X

X

X

 

X

 

 

 

 

 

 

 

Create a user

X

X

X

 

 

X

 

 

 

 

 

 

 

Delete a user

X

X

X

 

 

X

 

 

 

 

 

 

 

View a user (across Group)

X

X

X

X

 

X

 

 

 

 

 

 

 

Edit a user (across Group)

X

X

X

X

 

X

 

 

 

 

 

 

 

View a device (across Group)

X

X

X

X

 

X

 

 

 

 

 

 

 

Edit a device (across Group)

X

X

X

X

 

X

 

 

 

 

 

 

 

View device activation

X

X

 

 

 

X

settings

 

 

 

 

 

 

 

 

 

 

 

 

 

Edit device activation

X

X

 

 

 

X

settings

 

 

 

 

 

 

 

 

 

 

 

 

 

Create an IT policy

X

X

 

 

 

X

 

 

 

 

 

 

 

Delete an IT policy

X

X

 

 

 

X

 

 

 

 

 

 

 

View an IT policy

X

X

X

X

 

X

 

 

 

 

 

 

 

Edit an IT policy

X

X

 

 

 

X

 

 

 

 

 

 

 

Import an IT policy

X

X

 

 

 

X

 

 

 

 

 

 

 

Export an IT policy

X

X

 

 

 

X

 

 

 

 

 

 

 

Create a user-defined IT

X

X

 

 

 

X

policy template

 

 

 

 

 

 

 

 

 

 

 

 

 

Delete a user-defined IT

X

X

 

 

 

X

policy template

 

 

 

 

 

 

 

 

 

 

 

 

 

Edit a user-defined IT policy

X

X

 

 

 

X

template

 

 

 

 

 

 

 

 

 

 

 

 

 

30

Administration Guide Creating administrator accounts

 

 

Enterprise

Senior

Junior

Server only

User only

Permission name

Security role

Helpdesk

Helpdesk

role

role

role

 

 

role

role

 

 

 

 

 

 

 

 

 

 

 

 

Import an IT policy template

X

X

 

 

 

X

 

 

 

 

 

 

 

Resend data to devices

X

X

X

 

 

 

 

 

 

 

 

 

 

Create a software

X

X

 

 

 

X

configuration

 

 

 

 

 

 

 

 

 

 

 

 

 

View a software

X

X

X

X

 

X

configuration

 

 

 

 

 

 

 

 

 

 

 

 

 

Edit a software configuration

X

X

 

 

 

X

 

 

 

 

 

 

 

Delete a software

X

X

 

 

 

X

configuration

 

 

 

 

 

 

 

 

 

 

 

 

 

View BlackBerry

X

X

 

 

X

 

Administration Service

 

 

 

 

 

 

software management

 

 

 

 

 

 

 

 

 

 

 

 

 

Edit BlackBerry

X

X

 

 

 

 

Administration Service

 

 

 

 

 

 

software management

 

 

 

 

 

 

 

 

 

 

 

 

 

Create an application

X

X

 

 

 

X

 

 

 

 

 

 

 

View an application

X

X

X

X

 

X

 

 

 

 

 

 

 

Edit an application

X

X

 

 

 

X

 

 

 

 

 

 

 

Delete an application

X

X

 

 

 

X

 

 

 

 

 

 

 

Create an administrator user

X

 

 

 

 

 

 

 

 

 

 

 

 

Specify an activation

X

X

X

X

 

X

password

 

 

 

 

 

 

 

 

 

 

 

 

 

Generate an activation email

X

X

X

X

 

X

 

 

 

 

 

 

 

Assign the current device to

X

X

X

X

 

X

a user

 

 

 

 

 

 

 

 

 

 

 

 

 

Turn off and on external

X

X

X

 

 

X

services

 

 

 

 

 

 

 

 

 

 

 

 

 

Clear activation password

X

X

X

X

 

X

 

 

 

 

 

 

 

31

Administration Guide Creating administrator accounts

 

 

Enterprise

Senior

Junior

Server only

User only

Permission name

Security role

Helpdesk

Helpdesk

role

role

role

 

 

role

role

 

 

 

 

 

 

 

 

 

 

 

 

Clear synchronization

X

X

X

 

 

X

backup data

 

 

 

 

 

 

 

 

 

 

 

 

 

Clear user statistics

X

X

X

X

 

X

 

 

 

 

 

 

 

Export statistics

X

X

 

 

 

X

 

 

 

 

 

 

 

Reset user field mapping

X

X

X

 

 

X

 

 

 

 

 

 

 

Turn on redirection

X

X

X

 

 

X

 

 

 

 

 

 

 

Turn off redirection

X

X

X

 

 

X

 

 

 

 

 

 

 

Refresh available user list

X

X

 

 

 

X

from company directory

 

 

 

 

 

 

 

 

 

 

 

 

 

Add User from Company

X

X

X

 

 

X

Directory

 

 

 

 

 

 

 

 

 

 

 

 

 

Synchronize GroupWise

X

X

 

 

X

 

System Address Book

 

 

 

 

 

 

 

 

 

 

 

 

 

Clear and synchronize

X

X

 

 

X

 

GroupWise System Address

 

 

 

 

 

 

Book

 

 

 

 

 

 

 

 

 

 

 

 

 

View a server

X

X

 

 

X

 

 

 

 

 

 

 

 

Edit a server

X

X

 

 

X

 

 

 

 

 

 

 

 

View a component

X

X

 

 

X

 

 

 

 

 

 

 

 

Edit a component

X

X

 

 

X

 

 

 

 

 

 

 

 

View an instance

X

X

 

 

X

 

 

 

 

 

 

 

 

Edit an instance

X

X

 

 

X

 

 

 

 

 

 

 

 

Change the status of an

X

X

 

 

X

 

instance

 

 

 

 

 

 

 

 

 

 

 

 

 

Edit an instance relationship

X

X

 

 

X

 

 

 

 

 

 

 

 

View a job

X

X

 

 

 

X

 

 

 

 

 

 

 

32

Administration Guide Creating administrator accounts

 

 

Enterprise

Senior

Junior

Server only

User only

Permission name

Security role

Helpdesk

Helpdesk

role

role

role

 

 

role

role

 

 

 

 

 

 

 

 

 

 

 

 

Edit a job

X

X

 

 

 

X

 

 

 

 

 

 

 

Manage deployment job

X

X

 

 

 

X

tasks

 

 

 

 

 

 

 

 

 

 

 

 

 

Change the status of a job

X

X

 

 

 

X

task

 

 

 

 

 

 

 

 

 

 

 

 

 

Update peer-to-peer

X

X

 

 

X

 

encryption key

 

 

 

 

 

 

 

 

 

 

 

 

 

View job distribution settings

X

X

 

 

 

X

 

 

 

 

 

 

 

Edit job distribution settings

X

X

 

 

 

X

 

 

 

 

 

 

 

Delete an instance

X

X

 

 

X

 

 

 

 

 

 

 

 

Edit license keys

X

X

 

 

X

 

 

 

 

 

 

 

 

View license keys

X

X

 

 

X

 

 

 

 

 

 

 

 

Manually fail a job

X

X

 

 

 

X

 

 

 

 

 

 

 

Clear instance statistics

X

X

 

 

X

 

 

 

 

 

 

 

 

View push rules for the

X

X

X

X

X

X

BlackBerry MDS Connection

 

 

 

 

 

 

Service

 

 

 

 

 

 

 

 

 

 

 

 

 

View pull rules for the

X

X

X

X

 

X

BlackBerry MDS Connection

 

 

 

 

 

 

Service

 

 

 

 

 

 

 

 

 

 

 

 

 

Send message (across

X

X

X

X

 

X

Group)

 

 

 

 

 

 

 

 

 

 

 

 

 

Create a role

X

 

 

 

 

X

 

 

 

 

 

 

 

Delete a role

X

 

 

 

 

X

 

 

 

 

 

 

 

View a role

X

X

 

 

 

X

 

 

 

 

 

 

 

Edit a role

X

 

 

 

 

X

 

 

 

 

 

 

 

Add or remove role

X

 

 

 

 

 

 

 

 

 

 

 

 

33

Administration Guide Creating administrator accounts

 

 

Enterprise

Senior

Junior

Server only

User only

Permission name

Security role

Helpdesk

Helpdesk

role

role

role

 

 

role

role

 

 

 

 

 

 

 

 

 

 

 

 

Import or export groups

X

 

 

 

 

 

within roles

 

 

 

 

 

 

 

 

 

 

 

 

 

Import new users

X

X

 

 

 

X

 

 

 

 

 

 

 

Import or export users

X

X

X

 

 

X

 

 

 

 

 

 

 

Import user updates

X

X

 

 

 

X

 

 

 

 

 

 

 

Import or export email

X

X

 

 

 

X

message filters for a user

 

 

 

 

 

 

 

 

 

 

 

 

 

Export asset summary data

X

X

 

 

 

X

 

 

 

 

 

 

 

Add or remove to user

X

X

X

 

 

X

configuration

 

 

 

 

 

 

 

 

 

 

 

 

 

Delete all device data and

X

X

X

X

 

X

remove device

 

 

 

 

 

 

 

 

 

 

 

 

 

Delete only the organization

X

X

X

X

 

X

data and remove device

 

 

 

 

 

 

 

 

 

 

 

 

 

Creating roles

You can create roles for administrator accounts so that administrators in your organization can perform specific tasks and view specific information in the BlackBerry Administration Service, BlackBerry Monitoring Service, and BlackBerry Web Desktop Manager. For example, you can create a role that has all permissions turned off by default and you can customize the role by turning on specific permissions. You can also create a role that is based on a preconfigured role and customize the role that you create.

Create a role

You can create a role for an administrator account if existing roles do not fulfill the criteria that your organization specified for the type of administrator account that you want to create. It is worthy to note that by default, when a new role is created all permissions for that role are turned off.

1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Role.

34

Administration Guide

Creating administrator accounts

2.Click Create a role.

3.Type a name and description for the role.

4.Click Save.

5.In the Role information section, click the name of the role that you created.

6.Click Edit role.

7.Switch the appropriate tabs to turn on the appropriate permissions.

8.Click Save all.

After you finish: Assign the role to an administrator account or group.

Create a role based on an existing role

To create a new role for an administrator account that is similar to an existing role, you can simply copy the existing role, use it to make a new role, and then make the appropriate changes to the new role.

1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Role.

2.Click Manage roles.

3.In the list of existing roles, click the role that you want to copy.

4.Click Copy role.

5.Type a name and description for the role.

6.Click Copy role.

7.In the Role information section, click the name of the role that you created.

8.Click Edit role.

9.Switch the appropriate tabs to change the appropriate permissions.

10.Click Save all.

After you finish: Assign the role to an administrator account or group.

Create an administrator account

You can create an account for administrators so that they can log in to the BlackBerry Administration Service and manage the BlackBerry Enterprise Server. You create an administrator account and assign the account to one or more roles. The roles control the actions that an administrator can perform in the BlackBerry Administration Service.

35

Administration Guide

Creating administrator accounts

If your environment includes a Microsoft Exchange resource forest, you must create the administrator account in the resource forest.

Before you begin: Verify that you can configure the authentication type and roles for an administrator account.

1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Administrator user.

2.Click Create an administrator user.

3.Type the required information. Consider using the minimum rules for password complexity when you create the password for the administrator account. The password should be at least 8 characters in length and contain at least one number, letter, and special character, and should not contain dictionary words.

4.In the Role drop-down list, click the role that you want to assign to the administrator account.

5.Click Create an administrator user.

After you finish: To configure the administrator account, provide the login information to the administrator and add the administrator account to a group, or you can assign additional roles to the administrator account.

Related information

Assigning BlackBerry devices to user accounts, 92 Managing administrator accounts, 282

Add an administrator account to a group

When you add an administrator account to one or more groups, you can manage role permissions at a group level instead of at an individual level. If you use groups to manage administrator roles and administrator accounts in your organization's environment, you can add multiple administrator accounts to specific groups and assign the appropriate roles to each group.

Note: If you add a role to a group, all accounts in the group become administrator accounts and have all of the permissions that are assigned to that role, even if the accounts are user accounts for BlackBerry device users.

1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.

2.Click Manage users.

3.Search for an administrator account.

4.In the search results, click the display name for the administrator account.

5.Click Edit user.

6.On the Groups tab, in the Available groups list, click the group that you want to add the administrator account to.

7.Click Add.

8.Click Save all.

36

Administration Guide

Creating administrator accounts

Related information

Create a group to manage similar user accounts, 84

Specify an email address for the BlackBerry Administration Service

You can specify the email address that the BlackBerry Administration Service sends BlackBerry Enterprise Server system messages or activation passwords from.

Before you begin: Create an email account on your organization's messaging server.

1.In the BlackBerry Administration Service, on the Devices menu, expand Wireless activations.

2.Click Device activation settings.

3.Click Edit activation settings.

4.In the Sender address field, type the email address that you want the BlackBerry Administration Service to send system messages or activation passwords from.

5.Click Save all.

Permit an administrator to log in to the BlackBerry Administration Service using a messaging server account

You can permit an administrator to log in to the BlackBerry Administration Service using a user name and password for the messaging server.

1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.

2.Click Manage users.

3.Search for a user account.

4.In the search results, click the display name for the user account.

5.Click Edit user.

6.In the Authentication type section, click the Edit icon.

37

Administration Guide

Creating administrator accounts

7.In the User information section, in the Display name field, type the user name.

8.In the Authentication type section, type and verify a password.

9.Click the Update icon.

10.Click Save all.

Assign a BlackBerry device to an administrator account

You can assign a BlackBerry device to an administrator without creating a separate user account.

1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.

2.Click Manage users.

3.Search for an administrator account.

4.Click the display name for the administrator account.

5.In the BlackBerry Enterprise Server status list, click Enable as BlackBerry user.

6.Search for the messaging server display name or email address of the administrator.

7.Select the check box beside the administrator account.

8.Click Next.

9.Click the BlackBerry Enterprise Server that you want to assign the administrator account to.

10.Click Save all.

38

Administration Guide

Using an IT policy to manage BlackBerry Enterprise Solution security

Using an IT policy to manage

 

4

BlackBerry Enterprise Solution

 

 

security

 

You can use an IT policy to control and manage BlackBerry devices, the BlackBerry Desktop Software, and the BlackBerry Web Desktop Manager in your organization's environment. An IT policy consists of multiple IT policy rules that manage the security and behavior of the BlackBerry Enterprise Solution. For example, you can use IT policy rules to manage the following security features and behaviors of the device:

encryption (for example, encryption of user data and messages that the BlackBerry Enterprise Server forwards to message recipients) and encryption strength

use of a password or pass phrase

connections that use Bluetooth wireless technology

protection of user data and device transport keys on the device

control of device resources, such as the camera or GPS, that are available to third-party applications

The BlackBerry Enterprise Server includes preconfigured IT policies that you can use to manage the security of the BlackBerry Enterprise Solution. The Default IT policy includes IT policy rules that are configured to indicate the default behavior of the device or BlackBerry Desktop Software.

After a device user activates a device, the BlackBerry Enterprise Server automatically sends to the device the IT policy that you assigned to the user account or group. By default, if you do not assign an IT policy to the user account or group, the BlackBerry Enterprise Server sends the Default IT policy. If you delete an IT policy that you assigned to the user account or group, the BlackBerry Enterprise Server automatically re-assigns the Default IT policy to the user account and resends the Default IT policy to the device.

For more information, see the BlackBerry Enterprise Server Policy Reference Guide.

Using IT policy rules to manage BlackBerry Enterprise Solution security

You can use IT policy rules to customize and control the actions that the BlackBerry Enterprise Solution can perform.

39

Administration Guide

Using an IT policy to manage BlackBerry Enterprise Solution security

To use an IT policy rule on a BlackBerry device, you must verify that the BlackBerry Device Software version supports the IT policy rule. For example, you cannot use the Disable Camera IT policy rule to control whether a BlackBerry device user can access the camera on the device if the BlackBerry Device Software version does not support the IT policy rule. For information about the BlackBerry Device Software version that is required for a specific IT policy rule, see the BlackBerry Enterprise Server Policy Reference Guide.

If you create a custom IT policy that does not permit users to change their user information on their devices, you can only apply this custom IT policy to devices running BlackBerry Device Software 5.0 or later.

The BlackBerry Administration Service groups the IT policy rules by common properties or by application. Most IT policy rules are designed so that you can assign them to multiple user accounts and groups.

Preconfigured IT policies

The BlackBerry Enterprise Server includes the following preconfigured IT policies that you can change to create IT policies that meet the requirements of your organization.

Preconfigured IT policy

Description

 

 

Default

This policy includes all the standard IT policy rules that are set on the

 

BlackBerry Enterprise Server.

 

 

Individual-Liable Devices

Similar to the Default IT policy, this policy prevents BlackBerry device users from

 

accessing organizer data from within the social networking applications on their

 

BlackBerry devices.

 

This policy permits users to access their personal calendar services and email

 

messaging services (for example, their BlackBerry Internet Service accounts),

 

update the BlackBerry Device Software using methods that exist outside your

 

organization, make calls when devices are locked, and cut, copy, and paste text.

 

Users cannot forward email messages from one email messaging service to

 

another.

 

You can use the Individual-Liable Devices IT policy if your organization includes

 

users who purchase their own devices and connect the devices to a BlackBerry

 

Enterprise Server instance in your organization's environment.

 

 

Basic Password Security

Similar to the Default IT policy, this policy also requires a basic password that

 

users can use to unlock their devices. Users must change the passwords

 

regularly. The IT policy includes a password timeout that locks devices.

 

 

Medium Password Security

Similar to the Default IT policy, this policy also requires a complex password that

 

users can use to unlock their devices. Users must change the passwords

 

regularly. This policy includes a maximum password history and turns off

 

Bluetooth technology on devices.

 

 

40

Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security

Preconfigured IT policy

Description

 

 

Medium Security with No 3rd Party

Similar to the Medium Password Security, this policy requires a complex

Applications

password that a user must change frequently, a security timeout, and a

 

maximum password history. This policy prevents users from making their

 

devices discoverable by other Bluetooth enabled devices and prevents devices

 

from downloading third-party applications.

 

 

Advanced Security

Similar to the Default IT policy, this IT policy also requires a complex password

 

that users must change frequently, a password timeout that locks devices, and a

 

maximum password history. This policy restricts Bluetooth technology on

 

devices, turns on strong content protection, turns off USB mass storage, and

 

requires devices to encrypt external file systems.

 

 

Advanced Security with No 3rd Party

Similar to the Advanced Security IT policy, this IT policy requires a complex

Applications

password that users must change frequently, a password timeout that locks

 

devices, and a maximum password history. This policy restricts Bluetooth

 

technology on devices, turns on strong content protection, turns off USB mass

 

storage, requires devices to encrypt external file systems, and prevents devices

 

from downloading third-party applications.

 

 

Default values for preconfigured IT policies

You can configure additional IT policy rules in the preconfigured IT policies or change any of the following values:

IT policy rule

Default IT

Individual-

Basic

Medium

Medium

Advanced

Advanced

 

policy

Liable

Password

Password

Password

Security IT

Security

 

 

Device IT

Security IT

Security IT

Security

policy

with No 3rd

 

 

policy

policy

policy

with No 3rd

 

Party

 

 

 

 

 

Party

 

Applications

 

 

 

 

 

Applications

 

IT policy

 

 

 

 

 

IT policy

 

 

Device-Only Items

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Enable Long-

Yes

Yes

Yes

Yes

Term Timeout

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Maximum

30 minutes

10 minutes

10 minutes

10 minutes

10 minutes

Security Timeout

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Maximum

60 days

30 days

30 days

30 days

30 days

Password Age

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Password

no restriction

no restriction

at least 1

at least 1

at least 1

at least 1

Pattern Checks

 

 

 

alpha and 1

alpha and 1

alpha and 1

alpha and 1

 

 

 

 

 

 

 

 

41

Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security

IT policy rule

Default IT

Individual-

Basic

Medium

Medium

Advanced

Advanced

 

policy

Liable

Password

Password

Password

Security IT

Security

 

 

Device IT

Security IT

Security IT

Security

policy

with No 3rd

 

 

policy

policy

policy

with No 3rd

 

Party

 

 

 

 

 

Party

 

Applications

 

 

 

 

 

Applications

 

IT policy

 

 

 

 

 

IT policy

 

 

 

 

 

 

 

 

 

 

 

 

 

 

numeric

numeric

numeric

numeric

 

 

 

 

character

character

character

character

 

 

 

 

 

 

 

 

Password

No

Yes

Yes

Yes

Yes

Yes

Required

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

User Can

Yes

Yes

Yes

Yes

Yes

Yes

Change Timeout

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

User Can

Yes

No

No

No

No

No

Disable

 

 

 

 

 

 

 

Password

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Password policy group

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Maximum

6

6

6

6

Password

 

 

 

 

 

 

 

History

 

 

 

 

 

 

 

 

 

 

 

 

 

RIM Value-Added Applications policy group

 

 

 

 

 

 

 

 

 

 

 

 

 

Disable

Yes

Yes

Organizer Data

 

 

 

 

 

 

 

Access for Social

 

 

 

 

 

 

 

Networking

 

 

 

 

 

 

 

Applications

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Security policy group

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Allow Outgoing

No

Yes

Call When

 

 

 

 

 

 

 

Locked

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Content

Strong

Strong

Protection

 

 

 

 

 

 

 

Strength

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Disable Cut/

No

No

Copy/Paste

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Disable

No

Yes

Forwarding

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

42

Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security

IT policy rule

Default IT

Individual-

Basic

Medium

Medium

Advanced

Advanced

 

policy

Liable

Password

Password

Password

Security IT

Security

 

 

Device IT

Security IT

Security IT

Security

policy

with No 3rd

 

 

policy

policy

policy

with No 3rd

 

Party

 

 

 

 

 

Party

 

Applications

 

 

 

 

 

Applications

 

IT policy

 

 

 

 

 

IT policy

 

 

 

 

 

 

 

 

 

 

Between

 

 

 

 

 

 

 

Services

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Disable USB

No

Yes

Yes

Mass Storage

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Disallow Third

No

Yes

Yes

Party

 

 

 

 

 

 

 

Application

 

 

 

 

 

 

 

Download

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

External File

Not required

Encrypt to

Encrypt to

System

 

 

 

 

 

user

user

Encryption level

 

 

 

 

 

password

password

 

 

 

 

 

 

(excluding

(excluding

 

 

 

 

 

 

multimedia

multimedia

 

 

 

 

 

 

directories)

directories)

 

 

 

 

 

 

 

 

Force Lock

No

Yes

Yes

Yes

Yes

When Holstered

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Reset to Factory

No

Yes

Defaults on Wipe

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Service Exclusivity policy group

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Allow Other

Yes

Yes

Calendar

 

 

 

 

 

 

 

Services

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Allow Other

Yes

Yes

Message

 

 

 

 

 

 

 

Services

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Bluetooth policy group

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Disable Address

No

Yes

Yes

Book Transfer

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Disable

No

Yes

Yes

Yes

Yes

Discoverable

 

 

 

 

 

 

 

Mode

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

43

Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security

IT policy rule

Default IT

Individual-

Basic

Medium

Medium

Advanced

Advanced

 

policy

Liable

Password

Password

Password

Security IT

Security

 

 

Device IT

Security IT

Security IT

Security

policy

with No 3rd

 

 

policy

policy

policy

with No 3rd

 

Party

 

 

 

 

 

Party

 

Applications

 

 

 

 

 

Applications

 

IT policy

 

 

 

 

 

IT policy

 

 

 

 

 

 

 

 

 

 

Disable File

No

Yes

Yes

Transfer

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Disable Serial

No

Yes

Yes

Port Profile

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Require LED

No

Yes

Yes

Connection

 

 

 

 

 

 

 

Indicator

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Wi-Fi policy group

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Wi-Fi Allow

Yes

No

No

No

No

No

Handheld

 

 

 

 

 

 

 

Changes

 

 

 

 

 

 

 

 

 

 

 

 

 

Wireless Software Upgrades policy group

 

 

 

 

 

 

 

 

 

 

 

 

 

Allow Non

No

Yes

Enterprise

 

 

 

 

 

 

 

Upgrade

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Creating and importing IT policies

Create an IT policy

1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy.

2.Click Create an IT policy.

3.Type a name and description for the IT policy.

4.Click Save.

5.To configure the IT policy, perform the following actions:

a. In the IT policy information section, click the IT policy.

44

Administration Guide

Using an IT policy to manage BlackBerry Enterprise Solution security

b.Click Edit IT policy.

c.On a tab for an IT policy group, configure values for the IT policy rules.

d.Click Save All.

After you finish: For more information, see the BlackBerry Enterprise Server Policy Reference Guide.

Create an IT policy based on an existing IT policy

1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy.

2.Click Manage IT policies.

3.In the list of IT policies, click the IT policy that you want to copy.

4.Click Copy IT policy.

5.Type a name and description for the new IT policy.

6.Click Save.

7.To change the IT policy settings, perform the following actions:

a.In the IT policy information section, click the IT policy.

b.Click Edit IT policy.

c.On a tab for an IT policy group, change the appropriate values for the IT policy rules.

d.Click Save all.

After you finish: For more information, see the BlackBerry Enterprise Server Policy Reference Guide.

Related information

Preconfigured IT policies, 40

Import IT policy data

CAUTION: For you to import IT policy data successfully, the IT policy data file must contain all of the IT policies that are assigned to user accounts and groups in the BlackBerry Domain that you are importing IT policy data to.

Before you begin: Export IT policy data from a different BlackBerry Domain.

1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy.

2.Click Manage IT policies.

3.In the Manage IT policies section, click Import IT policy list.

4.In the IT policy import section, specify the following information:

45

Administration Guide

Using an IT policy to manage BlackBerry Enterprise Solution security

Location of the data source file

File encryption password that you use to protect the data source file

5.Click Next.

6.Click Add all IT policies.

Related information

Preconfigured IT policies, 40

Import IT policy rules from an IT policy pack

You can import the IT policy rules that Research In Motion releases in an IT policy pack into your organization's BlackBerry Enterprise Server.

1.Download the IT policy pack to your computer and extract the contents of the file.

2.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy.

3.Click Manage IT policy rules.

4.Click Import IT policy definitions.

5.Navigate to and select the XML file that contains the IT policy rules (for example, ITPolicyTemplate082409.xml).

6.Click Save.

Change the value for an IT policy rule

1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy.

2.Click Manage IT policies.

3.In the IT policy information section, click the IT policy.

4.Click Edit IT policy.

5.On a tab for an IT policy group, change the appropriate values for the IT policy rules.

6.Click Save all.

46

Administration Guide

Using an IT policy to manage BlackBerry Enterprise Solution security

Assign an IT policy to a group

1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Group.

2.Click Manage groups.

3.In the Manage groups section, click the group that you want to assign an IT policy to.

4.On the Policies tab, click Edit group.

5.In the drop-down list, click an IT policy.

6.Click Save all.

Related information

Adding a user account to the BlackBerry Enterprise Server, 85

Assigning IT policies and resolving IT policy conflicts, 49

Assign an IT policy to a user account

1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.

2.Click Manage users.

3.Search for a user account.

4.In the search results, click the display name of the user account.

5.On the Policies tab, click Edit user.

6.In the drop-down list, click an IT policy.

7.Click Save all.

Related information

Adding a user account to the BlackBerry Enterprise Server, 85

Assigning IT policies and resolving IT policy conflicts, 49

47

Administration Guide

Using an IT policy to manage BlackBerry Enterprise Solution security

Sending an IT policy over the wireless network

If your organization's environment includes C++ based BlackBerry devices that are running BlackBerry Device Software version 2.5 or later or Java based devices that are running BlackBerry Device Software version 3.6 or later, the BlackBerry Enterprise Server can send changes to IT policies to a device over the wireless network automatically. When the device receives an updated IT policy or a new IT policy, the device, BlackBerry Desktop Software, and BlackBerry Web Desktop Manager apply the configuration changes immediately.

By default, the BlackBerry Enterprise Server is designed to resend an IT policy to the device within a short period of time after you update the IT policy using the BlackBerry Administration Service. You can also resend an IT policy to a specific device manually. You can configure the BlackBerry Enterprise Server to resend the IT policy to the device at scheduled intervals regardless of whether you changed the IT policy.

Related information

Using IT policy rules to manage BlackBerry Enterprise Solution security, 39 Assigning IT policies and resolving IT policy conflicts, 49

Preconfigured IT policies, 40

Resend an IT policy to a BlackBerry device manually

1.In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.

2.Click Manage users.

3.Search for a user account.

4.In the search results, click the display name for the user account.

5.On the Policies tab, click View resolved IT policy data.

6.Click Resend IT policy to a device.

Resend an IT policy to a BlackBerry device automatically

1.In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology.

48

Administration Guide

Using an IT policy to manage BlackBerry Enterprise Solution security

2.Expand BlackBerry Domain > Component view.

3.In the Policy section, click an instance.

4.Click Edit instance.

5.In the General section, in the Policy resend interval (hours) field, type an interval that you want the BlackBerry device to resend the IT policy at.

6.Click Save All.

Assigning IT policies and resolving IT policy conflicts

You can assign IT policies directly to a user account or to a group. By default, if you do not assign an IT policy to a user account or a group that the user is a member of, the BlackBerry Enterprise Server applies the Default IT policy to the user account. If you assign an IT policy to a group that a user account is a member of, the BlackBerry Enterprise Server applies the group IT policy to the user account. If you assign an IT policy to the user account directly, the BlackBerry Enterprise Server applies this IT policy to the user account instead of the group IT policy or Default IT policy.

If a user account is a member of multiple groups that have different IT policies, the BlackBerry Enterprise Server must determine which IT policy to apply to the user account. You must use one of the following reconciliation options:

Method

Description

 

 

Apply one IT policy to the user account

The BlackBerry Enterprise Server applies one of the group IT policies to the user

 

account. You specify rankings for the available IT policies using the BlackBerry

 

Administration Service and the BlackBerry Enterprise Server applies the IT

 

policy with the highest ranking.

 

If you upgrade to BlackBerry Enterprise Server 5.0 SP2 or later from a previous

 

version of the BlackBerry Enterprise Server, this is the default method for

 

resolving IT policy conflicts.

 

 

Apply multiple IT policies to the user

The BlackBerry Enterprise Server applies all of the group IT policies to the user

account

account, resulting in a combined IT policy that has a unique ID. The BlackBerry

 

Enterprise Server resolves conflicting IT policy rules using the ranking of the

 

available IT policies that you specified using the BlackBerry Administration

 

Service. If an IT policy rule is different in the multiple IT policies, the BlackBerry

 

Enterprise Server applies the rule setting from the IT policy that you ranked the

 

highest.

 

If you install BlackBerry Enterprise Server 5.0 SP2 or later, this is the default

 

method for resolving IT policy conflicts.

 

 

Related information

 

49

Administration Guide

Using an IT policy to manage BlackBerry Enterprise Solution security

Option 1: Applying one IT policy to each user account, 50

Option 2: Applying multiple IT policies to each user account, 51

Option 1: Applying one IT policy to each user account

You can configure the BlackBerry Enterprise Server to apply only one IT policy to a user account when a user account is a member of multiple groups that have different IT policies. In this scenario, the BlackBerry Enterprise Server applies the IT policy that you ranked the highest in the BlackBerry Administration Service.

If you upgrade to BlackBerry Enterprise Server 5.0 SP2 or later from a previous version of the BlackBerry Enterprise Server, this is the default method for resolving IT policy conflicts. If you install BlackBerry Enterprise Server 5.0 SP2 or later, the default method for resolving IT policy conflicts is to apply multiple IT policies to each user account and create a combined IT policy that has a unique ID for the user account.

Reconciliation rules for conflicting IT policies when you apply one IT policy to the user account

The BlackBerry Enterprise Server can apply only one IT policy to a user account. Since you can assign IT policies to user accounts, groups, or the BlackBerry Domain, the BlackBerry Administration Service uses predefined rules to determine which IT policy it can apply to a user account.

The BlackBerry Administration Service might have to reconcile conflicting IT policies if you perform any of the following actions:

add an IT policy to or remove an IT policy from a user account or group

change an IT policy

change the ranking of IT policies

delete an IT policy

Scenario

Rule

 

 

You add a new user account to a BlackBerry Enterprise

The IT policy that you assigned to the BlackBerry Domain,

Server. You do not assign an IT policy directly to the user

or the Default IT policy that is assigned to the BlackBerry

account and you do not add the user to a group.

Domain, is assigned to the user account.

 

 

You assign an IT policy to a user account and a different IT

The IT policy that you assign to a user account takes

policy to a group that the user account belongs to.

precedence over an IT policy that you assign to a group. An

 

IT policy that you assign to a group takes precedence over

 

the IT policy that you assign to the BlackBerry Domain (or

 

the Default IT policy).

 

 

A user account belongs to multiple groups. You assign

The BlackBerry Enterprise Server applies the IT policy that

multiple IT policies to the groups but do not assign an IT

you ranked the highest in the BlackBerry Administration

policy to the user account.

Service to the user account.

 

 

50

+ 450 hidden pages