Blackberry SWD-504685-0330050601-001 User Manual

Loading...
Blackberry SWD-504685-0330050601-001 User Manual

BlackBerry Enterprise Server Resource Kit

BlackBerry Enterprise Server User Administration Tool

Version: 5.0

Administration Guide

SWD-504685-0330050601-001

Contents

 

1

Overview.......................................................................................................................................................................................

5

 

BlackBerry Enterprise Server User Administration Tool.............................................................................................................

5

 

Preconfigured administrative roles for the BlackBerry Enterprise Server................................................................................

5

 

New in this release.........................................................................................................................................................................

9

 

Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration

 

 

Tool...................................................................................................................................................................................................

12

 

Supported authentication models........................................................................................................................................

12

 

Authentication credentials....................................................................................................................................................

12

 

Syntax for authentication credentials..................................................................................................................................

13

 

Setting authentication credentials.......................................................................................................................................

13

 

Storing an encrypted set of authentication credentials in the Windows registry..........................................................

13

 

Extracting credentials that are stored in the Windows registry........................................................................................

14

 

String value requirements.....................................................................................................................................................

14

 

Use cases.................................................................................................................................................................................

14

2

Managing user accounts............................................................................................................................................................

17

 

Adding user accounts.....................................................................................................................................................................

17

 

Add a new user account to the BlackBerry Enterprise Server...........................................................................................

17

 

Add a new user account to a group......................................................................................................................................

18

 

Add an existing user account to a group.............................................................................................................................

18

 

Assign a software configuration to a user account............................................................................................................

18

 

Finding user accounts....................................................................................................................................................................

19

 

Find a user account................................................................................................................................................................

19

 

Changing and removing user accounts........................................................................................................................................

19

 

Move a user account to a different BlackBerry Enterprise Server....................................................................................

19

 

Move a user account to a different user group...................................................................................................................

20

 

Delete a user account from a group.....................................................................................................................................

20

 

Delete a software configuration from a user account........................................................................................................

20

 

Delete a user account from the BlackBerry Enterprise Server..........................................................................................

21

 

Change user account settings.......................................................................................................................................................

21

 

List the groups in a BlackBerry Domain.......................................................................................................................................

22

3 Managing email message forwarding......................................................................................................................................

23

 

Turn on or turn off email message forwarding............................................................................................................................

23

 

List the folders that are available for email message forwarding.............................................................................................

23

 

Turn on or turn off email message forwarding for folders.........................................................................................................

24

4

Managing IT policies and IT policy rules..................................................................................................................................

25

 

List the IT policy rules in an IT policy............................................................................................................................................

25

 

Set IT policy rules for a user account............................................................................................................................................

26

 

List the IT policies in the BlackBerry Configuration Database..................................................................................................

26

5

Managing BlackBerry devices...................................................................................................................................................

27

 

Set a password for a BlackBerry device........................................................................................................................................

27

 

Set owner information on a BlackBerry device............................................................................................................................

27

 

Delete pending messages..............................................................................................................................................................

28

 

Resend a service book....................................................................................................................................................................

28

 

Resend the peer-to-peer encryption key.....................................................................................................................................

29

 

Protect a stolen BlackBerry device................................................................................................................................................

29

6

Sending notification messages to BlackBerry devices..........................................................................................................

30

 

Send a notification PIN message..................................................................................................................................................

30

 

Send a notification email message...............................................................................................................................................

31

7

Retrieving user account statistics and information about BlackBerry devices..................................................................

32

 

Retrieve user account statistics.....................................................................................................................................................

32

 

Results of a statistics query for a user account...................................................................................................................

32

 

Clear user account statistics..........................................................................................................................................................

34

 

Retrieve enterprise activation statistics for a user account.......................................................................................................

34

8

Retrieving BlackBerry device information...............................................................................................................................

36

 

List the applications that are available on one or more BlackBerry devices............................................................................

36

 

List the BlackBerry devices that a specific application is installed on.....................................................................................

36

 

Retrieve the statistics for BlackBerry devices..............................................................................................................................

36

 

Results of a statistics query for a BlackBerry device..........................................................................................................

37

 

List the modules and .cod files that are available on a BlackBerry device...............................................................................

38

9

Retrieve statistics for the BlackBerry Enterprise Server or the messaging server............................................................

39

 

Results of a statistics query for a BlackBerry Enterprise Server................................................................................................

39

10

Troubleshooting the BlackBerry Enterprise Server User Administration Tool...................................................................

41

 

Check the status of the BlackBerry Enterprise Server User Administration Tool...................................................................

41

 

Configuring log files.......................................................................................................................................................................

41

11

Parameters for the BlackBerry Enterprise Server User Administration Tool.....................................................................

43

 

Using the command summary in the help file............................................................................................................................

43

12

Common parameters...................................................................................................................................................................

44

13

Input, output, and user feedback parameters.........................................................................................................................

45

14

-add................................................................................................................................................................................................

47

15

-assign_swconfig.........................................................................................................................................................................

50

16

-change.........................................................................................................................................................................................

52

17

-delete...........................................................................................................................................................................................

56

18

-find...............................................................................................................................................................................................

58

19

-handheld_info............................................................................................................................................................................

59

20

-kill_handheld..............................................................................................................................................................................

62

21

-list.................................................................................................................................................................................................

64

22

-move.............................................................................................................................................................................................

67

23

-resend_peer_to_peer_key.......................................................................................................................................................

69

24

-resend_service_book................................................................................................................................................................

70

25

-send_email..................................................................................................................................................................................

71

26

-send_pin......................................................................................................................................................................................

73

27

-set_client_auth..........................................................................................................................................................................

75

28

-set_folder_redirection..............................................................................................................................................................

77

29

-set_owner_info..........................................................................................................................................................................

79

30

-set_password..............................................................................................................................................................................

81

31

-set_user_itpolicy_rule..............................................................................................................................................................

82

32

-stats..............................................................................................................................................................................................

84

33

-status...........................................................................................................................................................................................

86

34

Glossary.........................................................................................................................................................................................

87

35

Provide feedback.........................................................................................................................................................................

88

36

Legal notice..................................................................................................................................................................................

89

Administration Guide

Overview

Overview

 

1

The BlackBerry® Enterprise Server Resource Kit is a collection of tools that can help you extend your ability to manage and monitor the BlackBerry® Enterprise Solution. You can download the BlackBerry Enterprise Server Resource Kit from www.blackberry.com/support/downloads.

The BlackBerry Enterprise Server Resource Kit contains the following tool packages:

BlackBerry Enterprise Server User Administration Tool

BlackBerry Analysis, Monitoring, and Troubleshooting Tools

BlackBerry Enterprise Transporter

BlackBerry Enterprise Server User Administration Tool

You can use the BlackBerry® Enterprise Server User Administration Tool to manage user accounts on the BlackBerry® Enterprise Server on a large scale. For example, you can add, find, move, and remove user accounts, or change user account configurations.

You can run the BlackBerry Enterprise Server User Administration Tool from a command prompt to perform BlackBerry Enterprise Server administration tasks or to gather management and monitoring information.

The BlackBerry Enterprise Server User Administration Tool connects to the BlackBerry Administration Service to obtain information from and store information in the BlackBerry Configuration Database.

Preconfigured administrative roles for the BlackBerry Enterprise Server

The BlackBerry® Enterprise Server installation includes preconfigured administrative roles. Each preconfigured administrative role has a number of permissions turned on.

You can configure additional permissions in the preconfigured administrative roles, or you can turn off any of the permissions that are shown in the following table. For more information, visit www.blackberry.com/go/serverdocs to read the BlackBerry Enterprise Server Administration Guide.

 

 

Enterprise

Senior

Junior

Server only

User only

Permission name

Security role

Helpdesk

Helpdesk

role

role

role

 

 

 

role

role

 

 

Create a group

*

*

*

 

 

*

Delete a group

*

*

 

 

 

*

View a group (across Group)

*

*

*

*

 

*

Edit a group (across Group)

*

*

*

 

 

*

 

 

 

 

 

 

 

5

Administration Guide

Preconfigured administrative roles for the BlackBerry Enterprise Server

 

 

Enterprise

Senior

Junior

Server only

User only

Permission name

Security role

Helpdesk

Helpdesk

role

role

role

 

 

 

role

role

 

 

Create a user

*

*

*

 

 

*

Delete a user

*

*

*

 

 

*

View a user (across Group)

*

*

*

*

 

*

Edit a user (across Group)

*

*

*

 

 

*

View a device (across Group)

*

*

*

*

 

*

Edit a device (across Group)

*

*

*

*

 

*

View device activation

*

*

 

 

 

*

settings

 

 

 

 

 

 

Edit device activation

*

*

 

 

 

*

settings

 

 

 

 

 

 

Create an IT policy

*

*

 

 

 

*

Delete an IT policy

*

*

 

 

 

*

View an IT policy

*

*

*

*

 

*

Edit an IT policy

*

*

 

 

 

*

Import an IT policy

*

*

 

 

 

*

Export a data file

*

*

 

 

*

*

Create a user-defined IT

*

*

 

 

 

*

policy template

 

 

 

 

 

 

Delete a user-defined IT

*

*

 

 

 

*

policy template

 

 

 

 

 

 

Edit a user-defined IT policy

*

*

 

 

 

*

template

 

 

 

 

 

 

Import an IT policy template

*

*

 

 

 

*

Create a software

*

*

 

 

 

*

configuration

 

 

 

 

 

 

View a software

*

*

*

*

 

*

configuration

 

 

 

 

 

 

Edit a software configuration

*

*

 

 

 

*

Delete a software

*

*

 

 

 

*

configuration

 

 

 

 

 

 

Create an application

*

*

 

 

 

*

 

 

 

 

 

 

 

6

Administration Guide

Preconfigured administrative roles for the BlackBerry Enterprise Server

 

 

Enterprise

Senior

Junior

Server only

User only

Permission name

Security role

Helpdesk

Helpdesk

role

role

role

 

 

 

role

role

 

 

View an application

*

*

*

*

 

*

Edit an application

*

*

 

 

 

*

Delete an application

*

*

 

 

 

*

Create an administrator user

*

*

 

 

 

*

Specify activation password

*

*

*

*

 

*

Turn off and on external

*

*

*

 

 

*

services

 

 

 

 

 

 

Clear activation password

*

*

*

*

 

*

Clear synchronization

*

*

*

 

 

*

backup data

 

 

 

 

 

 

Clear user statistics

*

*

*

*

 

*

Reset user field mapping

*

*

*

 

 

*

Turn on redirection

*

*

*

 

 

*

Turn off redirection

*

*

*

 

 

*

Refresh available user list

*

*

*

 

*

*

from company directory

 

 

 

 

 

 

Synchronize GroupWise®

*

*

 

 

*

 

System Address Book

 

 

 

 

 

 

Clear and synchronize

*

*

 

 

*

 

GroupWise System Address

 

 

 

 

 

 

Book

 

 

 

 

 

 

View a server

*

*

 

 

*

 

Edit a server

*

*

 

 

*

 

View a component

*

*

 

 

*

 

Edit a component

*

*

 

 

*

 

View an instance

*

*

 

 

*

 

Edit an instance

*

*

 

 

*

 

Change the status of an

*

*

 

 

*

 

instance

 

 

 

 

 

 

Edit an instance relationship

*

*

 

 

*

 

View a job

*

*

 

 

 

*

 

 

 

 

 

 

 

7

Administration Guide

Preconfigured administrative roles for the BlackBerry Enterprise Server

 

 

Enterprise

Senior

Junior

Server only

User only

Permission name

Security role

Helpdesk

Helpdesk

role

role

role

 

 

 

role

role

 

 

Edit a job

*

*

 

 

 

*

View default distribution

*

*

 

 

 

*

settings for a job

 

 

 

 

 

 

Edit default distribution

*

*

 

 

 

*

settings for a job

 

 

 

 

 

 

Update peer-to-peer

*

*

 

 

*

 

encryption key

 

 

 

 

 

 

View job distribution settings

*

*

 

 

 

*

Edit job distribution settings

*

*

 

 

 

*

Delete an instance

*

*

 

 

*

 

Edit license keys

*

*

 

 

*

 

License key view

*

*

 

 

*

 

Manually fail a job

*

*

 

 

 

*

Clear instance statistics

*

*

 

 

*

 

Clear statistics for a

*

*

 

 

*

 

BlackBerry MDS Connection

 

 

 

 

 

 

Service instance

 

 

 

 

 

 

View push rules for the

*

*

*

*

*

*

BlackBerry MDS Connection

 

 

 

 

 

 

Service

 

 

 

 

 

 

View pull rules for the

*

*

*

*

 

*

BlackBerry MDS Connection

 

 

 

 

 

 

Service

 

 

 

 

 

 

Send message (across

*

*

*

*

 

*

Group)

 

 

 

 

 

 

Create a role

*

 

 

 

 

*

Delete a role

*

 

 

 

 

*

View a role

*

*

 

 

 

*

Edit a role

*

 

 

 

 

*

Add and remove a role

*

*

 

 

 

*

(across Group)

 

 

 

 

 

 

 

 

 

 

 

 

 

8

Administration Guide

New in this release

 

 

Enterprise

Senior

Junior

Server only

User only

Permission name

Security role

Helpdesk

Helpdesk

role

role

role

 

 

 

role

role

 

 

 

 

 

 

 

 

 

View a group across organizations

Edit a group across organizations

Add and remove a role across organizations

View a device across organizations

Edit a device across organizations

Register an event notification

Create an event notification

Edit a BlackBerry

Administration Service timer

View BlackBerry Monitoring

Service information

Edit BlackBerry Monitoring

Service settings

New in this release

BlackBerry Analysis, Monitoring, and Troubleshooting Tools

The functionality of the following BlackBerry® Analysis, Monitoring, and Troubleshooting Tools has been integrated into the BlackBerry Enterprise Server User Administration Tool. As a result, the tools are no longer distributed separately.

Tool

Description

 

 

BlackBerry Enterprise Activation

To generate a report of the stages of activation for a user account, in the BlackBerry

Status Reporting Tool

Enterprise Server User Administration Tool, you can run the following command:

(EAStatus.exe)

besuseradminclient <credentials> -list -eastatus

 

 

 

9

Administration Guide

New in this release

Tool

Description

 

 

BlackBerry IT Policy Template

To display the preconfigured IT policies that are available on a BlackBerry® Enterprise

Reporting Tool

Server, in the BlackBerry Enterprise Server User Administration Tool, you can run the

(ITPolicyTemplateReport.exe)

following command:

 

 

besuseradminclient <credentials> -list -it_policy_templates

Parameter changes in the BlackBerry Enterprise Server User Administration Tool

 

 

Parameter

Description

 

 

-change -u -cw

This subparameter removes the activation password for a BlackBerry device from the

 

BlackBerry Configuration Database.

-delete -u -force

This subparameter forces the removal of a user account from the BlackBerry Configuration

 

Database, even if a mailbox does not exist for the user.

 

The -force subparameter replaces the -hard subparameter.

-i <input_filename>

This subparameter provides the option for all commands that have command line options

 

to use an input file.

 

The first line of the input file is a comma-separated list of options that the columns

 

represent. This list can be any (non-empty) subset of valid options in any order. For Boolean

 

options, such as -cs, a column value of 0 or FALSE (not case-sensitive) turn off the option.

 

All other values, including the empty value, turn on the option.

-list -servers

This subparameter lists all BlackBerry Enterprise Server and messaging server instances.

-o <output_filename>

This subparameter provides the option to create an output file.

 

You can use this subparameter with any command.

-p <password>

This subparameter specifies the authentication password that the BlackBerry Enterprise

 

Server User Administration Tool uses to extract authentication credentials from the

 

Windows® registry and use in command line options. The parameter was previously used

 

to authenticate the BESUserAdminClient with the BESUserAdminService.

-set_client_auth

This parameter specifies the credentials that the BlackBerry Enterprise Server User

Administration Tool uses to authenticate with the BlackBerry Administration Service. You run the following command:

besuseradminclient -set_client_auth <credentials_to_set> -set_p <password> Previously, -set_client_auth was a subparameter that was used with other commands.

10

Administration Guide

Parameter

Description

 

 

-stats -service -b <instance> and

These subparameters display statistics for a BlackBerry Enterprise Server component or

-stats -service -email <instance>

for a BlackBerry Messaging Agent instance.

 

 

 

They replace the following subparameters:

 

-stats -b <instance>

 

-stats -servers

-v <level>

The <level> variable allows you to specify the level of detail that is provided in log files by

 

using one of the following options:

 

TRACE

 

DEBUG

 

WARNING

 

ERROR

 

INFORMATIONAL

 

The default level is set at DEBUG.

 

The -v parameter was previously used to specify only a verbose reporting level.

Parameters that are no longer used in the BlackBerry Enterprise Server User Administration Tool

 

 

Parameter

Description

 

 

-add -u -domaddrsvr

This parameter was used by the BlackBerry Enterprise Server User Administration Tool to

<servername>

identify the remote address book server to look up a user.

-add -infofile

This parameter has been enhanced to -add -i <input_filename>.

- change -infofile

This parameter has been enhanced to -change -i <input_filename>.

- change -u -cpin

This parameter was used to remove the PIN for a user account from the BlackBerry

 

Configuration Database.

-delete -f

This parameter has been enhanced to -delete -force.

-delete -hard

This parameter has been enhanced to -delete -force.

-stats -b <instance>

This parameter has been enhanced to -stats -service -b <instance> and -stats -service -

 

email <instance>.

-stats -servers

This parameter has been enhanced to -stats -service -b <instance> and -stats -service -

 

email <instance>.

 

 

 

11

Administration Guide

Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool

Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool

If your organization uses applications that work with previous versions of the BlackBerry® Enterprise Server User Administration Tool, in many cases, these applications also work with version 5.0 of the tool.

Supported authentication models

In BlackBerry® Enterprise Server version 5.0, the models for authentication (login) and authorization (roles or capabilities) for administration are different from the models that were used in previous versions.

BlackBerry Enterprise Server version 5.0 supports the following authentication models:

BlackBerry Administration Service authentication (default)

mailbox authentication (IBM® Lotus® Domino® environment only)

Microsoft® Active Directory® authentication

BlackBerry Enterprise Server version 5.0 does not support Windows® authentication or Microsoft® SQL Server® authentication.

You must create one of the following administrators with sufficient credentials to authenticate with the BlackBerry Administration Service:

administrator in the BlackBerry Administration Service

mailbox administrator (IBM Lotus Domino environment only)

administrator in Microsoft Active Directory

Roles or capabilities that are based on database user accounts are not supported in BlackBerry Enterprise Server version 5.0.

For more information about how to create a BlackBerry Administration Service administrator, visit www.blackberry.com/go/ serverdocs to read the BlackBerry Enterprise Server Administration Guide.

Authentication credentials

In the BlackBerry® Enterprise Server User Administration Tool version 5.0, you can use the following parameters interchangeably:

"-username" or "-sqluser" (authentication user name)

"-password" or "-sqlpass" (authentication password)

The BlackBerry Enterprise Server User Administration Tool uses the values associated with these options for the authentication and authorization models that are supported in the BlackBerry® Enterprise Server version 5.0. The tool does not does not support Microsoft® SQL Server® authentication or roles or capabilities that are defined on the Microsoft SQL Server database engine.

12

Administration Guide

Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool

Syntax for authentication credentials

In the BlackBerry® Enterprise Server User Administration Tool BlackBerry Enterprise Server User Administration Tool, the variable <credentials> represents the user name and password that you use for authentication with the BlackBerry Administration Service.

The BlackBerry Enterprise Server User Administration Tool uses the following syntax for authentication credentials.

Item

Description

 

 

-username <user name>

authentication user name

-sqluser <user name>

 

-password <password>

authentication password

-sqlpass <password>

 

-domain <domain>

authentication domain

-bas_auth

use BlackBerry Administration Service authentication (default)

-mailbox_auth

use mailbox authentication (IBM® Lotus® Domino® environment only)

-ad_auth

use Microsoft® Active Directory® authentication

 

 

In the BlackBerry Enterprise Server User Administration Tool, the variable <credentials> represents the user name and password that you use for authentication with the BlackBerry Administration Service.

Setting authentication credentials

Storing an encrypted set of authentication credentials in the Windows registry

The BlackBerry® Enterprise Server User Administration Tool uses the -set_client_auth <credentials> -set_p <password> command to store credentials in the Windows® registry and then insert the credentials into the command line options.

Example

BESUserAdminClient -username admin -password password -set_client_auth "-username smoser -password password1 - ad_auth -domain test.rim.net" -set_p password

This creates the following Windows registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Research In Motion\BlackBerry Resource Kit\BESUserAdmin\ClientAuth

13

Administration Guide

Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool

Extracting credentials that are stored in the Windows registry

The BlackBerry® Enterprise Server User Administration Tool uses the -p <password> command to extract and decrypt credentials that are stored in the Windows® registry and then inserts the credentials into the command line options.

Example

BESUserAdminClient -p password1 -status This runs the following command:

BESUserAdminClient -username smoser -password password1 -ad_auth -domain test.rim.net -status

String value requirements

To specify -set_client_auth values that contain characters in double quotation marks, you must surround the entire string with double quotation marks. You must use a set of quotation marks to escape every embedded set of characters that are in double quotation marks.

Example: Using double quotation marks to specify a work location nickname for a user

If you have two users with the same name, Sam Moser, one of whom works in Waterloo and the other in New York, you can specify the work location for the user as a nickname.

BESUserAdminClient -username "Sam \"Waterloo\" Moser" -password password -status You store this option and value in the Windows® registry using the following command:

BESUserAdminClient -set_p password1 -set_client_auth "-username ""Sam \"\"Waterloo\"\" Moser"" -password password"

Use cases

In all the following examples, you log on to the computer that hosts the BlackBerry® Enterprise Server User Administration Tool using the following credentials:

User name: NTLMU1

Password: NTLMP1

Example: Running a command using SQL authentication

You log on to the computer that hosts the BlackBerry Enterprise Server User Administration Tool using the following credentials:

User name: SQLU1

Password: SQLP1

14

Administration Guide

Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool

BlackBerry Enterprise Server User Administration Tool

BlackBerry Enterprise Server User Administration Tool

version 4.1.x

version 5.0

 

 

Run the following command: BESUserAdminClient -p

password1 -sqluser SQLU1 -sqlpass SQLP1...

Initial configuration (perform once):

1.Create a BlackBerry Administration Service administrator with the following credentials:

User name: SQLU1

Password: SQLP1

2.Save the BlackBerry Administration Service administrator credentials in the Windows registry using the following command: BESUserAdminClient - set_client_auth "-bas_auth" -set_p password1

Then run the following command: BESUserAdminClient -p

password1 -sqluser SQLU1 -sqlpass SQLP1....

Example: Running a command using Windows authentication

BlackBerry Enterprise Server User Administration Tool

BlackBerry Enterprise Server User Administration Tool

version 4.1.x

version 5.0

 

 

Run the following command: BESUserAdminClient -p

password1...

Initial configuration (perform once):

1.Create a BlackBerry Administration Service administrator with the following credentials:

User name: BASU1

Password: BASP1

2.Save the BlackBerry Administration Service administrator credentials in the Windows® registry using the following command: BESUserAdminClient - set_client_auth "-username BASU1 -password BASP1 -bas_auth" -set_p password1

Then run the following command: BESUserAdminClient -p password1

15

Administration Guide

Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool

Example: Changing the authentication credentials in the Windows registry to a Microsoft Active Directory user

BlackBerry Enterprise Server User Administration Tool

BlackBerry Enterprise Server User Administration Tool

version 4.1.x

version 5.0

 

 

Not applicable

Run the following command:

 

BESUserAdminClient -set_client_auth "-username ADU1

 

-password ADP1 -ad_auth -domain D1" -set_p password1

Example: Changing the client password

 

 

 

BlackBerry Enterprise Server User Administration Tool

BlackBerry Enterprise Server User Administration Tool

version 4.1.x

version 5.0

 

 

1. Remove the existing BlackBerry Enterprise Server User

Run the following command:

 

Administration Tool service.

BESUserAdminClient -set_client_auth "-username ADU1

 

2. Re-install the service using the new client password.

-password ADP1 -ad_auth -domain D1" -set_p password2

Example: Overriding the requirement to use authentication credentials in the Windows registry

 

 

BlackBerry Enterprise Server User Administration Tool

BlackBerry Enterprise Server User Administration Tool

version 4.1.x

version 5.0

 

 

Not applicable

Run the following command:

 

BESUserAdminClient -username username1 -password

 

password1..

Example: Denying access permanently or temporarily using the -p command

 

 

BlackBerry Enterprise Server User Administration Tool

BlackBerry Enterprise Server User Administration Tool

version 4.1.x

version 5.0

 

 

Change the appropriate Windows registry entry.

Run the following command:

BESUserAdminClient -set_client_auth "" -set_p password

16

Administration Guide

Managing user accounts

Managing user accounts

 

2

The BlackBerry® Enterprise Server uses predefined roles that correspond to common administrative roles in organizations to control who can perform specific tasks and to limit who can access sensitive data.

The BlackBerry Enterprise Server User Administration Tool uses the BlackBerry Administration Service credentials that you type on the command line.

Your current role is defined by the BlackBerry Administration Service. The -v parameter in the BlackBerry Enterprise Server User Administration Tool does not display your role.

The authentication information is encrypted when it passes from the BlackBerry Enterprise Server User Administration Tool to the BlackBerry Administration Service and to the BlackBerry Configuration Database.

Adding user accounts

Add a new user account to the BlackBerry Enterprise Server

1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.

2.Type besuseradminclient <credentials> -add and the following parameters:

-u <user_name>

-pin <PIN> (use with the -u parameter for the BlackBerry® Enterprise Server for MDS Applications only)

-b <instance>

Example: Adding a user account to a BlackBerry Enterprise Server for Microsoft Exchange, and assigning an IT policy

besuseradminclient-username admin -password password -add -u smoser@test.rim.net -b server1 -it_policy “User Can Change Timeout”

Example: Adding a user account to a BlackBerry Enterprise Server for IBM Lotus Domino, and assigning an IT policy

besuseradminclient -username admin -password password -add -u “CN=Sam Moser/O=Server01” -b CN=Server01/ O=test.rim.net -it_policy “User Can Change Timeout”

Example: Adding a user account to a BlackBerry Enterprise Server for Novell GroupWise, and assigning an IT policy besuseradminclient -username admin -password password -add -u sammoser -b server01 -it_policy “User Can Change Timeout”

Example: Adding a user account to a BlackBerry Enterprise Server for MDS Applications, and assigning an IT policy

besuseradminclient -username admin -password password -add -u xxxxxxxx -pin xxxxxxxx -b server01 -it_policy “User Can Change Timeout”

17

Administration Guide

Adding user accounts

Add a new user account to a group

1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.

2.Type besuseradminclient <credentials> -add and the following parameters:

-u <user_name>

-b <instance>

-group <group_name>

Example: Adding a new user account to a BlackBerry Enterprise Server for Microsoft Exchange, to a user group, and to an IT policy

besuseradminclient -username admin -password password -add -u smoser@test.rim.net -b server01 -group administrators - it_policy “User Can Change Timeout”

Add an existing user account to a group

1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.

2.Type besuseradminclient <credentials> -change and the following parameters:

-u <user_name>

-b <instance>

-group <group_name>

Example

besuseradminclient -username admin -password password -change -u smoser@test.rim.net -b server1 -group administrators

Assign a software configuration to a user account

1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.

2.Type besuseradminclient <credentials> -assign_swconfig and the following parameters:

-u <user_name>

-sw <configuration_name>

18

Administration Guide

Finding user accounts

Example

besuseradminclient -username admin -password password - assign_swconfig -u "sam, moser” -b server1 -sw games

Finding user accounts

Find a user account

You can use the -u subparameter to specify the user account that the BlackBerry® Enterprise Server User Administration Tool searches for.

1.To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.

2.Type besuseradminclient <credentials> -find and the following parameter:

-u <user_name>

Example: Finding a user account on the BlackBerry Enterprise Server for Microsoft Exchange besuseradminclient -username admin -password password -find -u smoser@test.rim.net

Changing and removing user accounts

Move a user account to a different BlackBerry Enterprise Server

The source and the target BlackBerry® Enterprise Server instances must use the same BlackBerry Configuration Database.

1.To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.

2.Type besuseradminclient <credentials> -move and the following parameters:

-b <instance> (source BlackBerry Enterprise Server instance)

-u <user_name>

-t <instance> (target or destination BlackBerry Enterprise Server instance)

Example: Moving a user account to a different BlackBerry Enterprise Server for Microsoft Exchange besuseradminclient -username admin -password password -move -u smoser@test.rim.net -b server01 -t server02

19

Administration Guide

Changing and removing user accounts

Move a user account to a different user group

A user account can belong to more than one group. You can perform this task if you want the user account to belong to only the group that you specify.

Before you begin:

Delete the user account from the existing group.

1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.

2.Type besuseradminclient <credentials> -change and the following parameters:

-u <user_name>

-b <instance>

-group <group_name>

Example

besuseradminclient -username admin -password password -change -u smoser@test.rim.net -b server01 -group security

Delete a user account from a group

1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.

2.Type besuseradminclient <credentials> -change and the following parameters:

-u <user_name>

-b <instance>

-cgroup <group_name>

Example: Deleting a user account from a user group on the BlackBerry Enterprise Server for Microsoft Exchange besuseradminclient -username admin -change -u smoser@test.rim.net -b server01 -cgroup powerusers

Delete a software configuration from a user account

1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.

2.Type besuseradminclient <credentials> -assign_swconfig -csw and the name of the software configuration.

20

Administration Guide

Change user account settings

Example

besuseradminclient -username admin -password password -assign_swconfig -csw config1 -u “sam, moser” -b server1

Delete a user account from the BlackBerry Enterprise Server

1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.

2.Type besuseradminclient <credentials> -delete and the following parameters:

-u <user_name>

-b <instance>

Example: Deleting a user account from the BlackBerry Enterprise Server for Microsoft Exchange besuseradminclient -delete -username admin -password password -u smoser@test.rim.net -b server01

Change user account settings

The BlackBerry® Enterprise Server for MDS Applications does not support this task.

1.To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.

2.Type besuseradminclient <credentials> -change and the following parameters:

-u <user_name>

-b <instance>

Example: Clearing the user account filters

besuseradminclient -username admin -password password -change -u smoser@test.rim.net -b server01 -cf

Example: Making the BlackBerry MDS Connection Service unavailable to a user account, changing the activation password, and specifying the password expiry time for the user account

besuseradminclient -change -username admin -password password -u smoser@test.rim.net -b server01 -dm -w password3 -wt 96

Example: Specifying the activation password and the password expiry time for a group of users besuseradminclient -change -username admin -password password -g administrators -w password3 -wt 120

21

Administration Guide

List the groups in a BlackBerry Domain

List the groups in a BlackBerry Domain

1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.

2.Type besuseradminclient <credentials> -list -groups.

Example

besuseradminclient -username admin -password password -list -groups

22

Administration Guide

Managing email message forwarding

Managing email message forwarding

 

3

Turn on or turn off email message forwarding

The BlackBerry® Enterprise Server for MDS Applications does not support this task. By default, email message forwarding is turned off.

1.To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.

2.Perform one of the following actions:

To turn on email message forwarding, type besuseradminclient <credentials> -change -er and the following parameters:

-u <user_name>

-b <instance>

To turn off email message forwarding, type besuseradminclient <credentials> -change -dr and the following parameters:

-u <user_name>

-b <instance>

Example: Turning on email message forwarding for a user account

besuseradminclient -username admin -password password1 -change -u smoser@test.rim.net -b server01 -er

Example: Turning off email message forwarding for a user account

besuseradminclient-username admin -password password1 -change -u smoser@test.rim.net -b server01 -dr

List the folders that are available for email message forwarding

The BlackBerry® Enterprise Server for MDS Applications does not support this task.

1.To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.

2.Type besuseradminclient <credentials> -list -folders and the following parameters:

-u <user_name>

-b <instance>

Example

23

Administration Guide

Turn on or turn off email message forwarding for folders

besuseradminclient -username admin -password password -list -folders -u sammoser -b server01

Turn on or turn off email message forwarding for folders

The BlackBerry® Enterprise Server for MDS Applications does not support this task.

If you are using the BlackBerry® Enterprise Server for Microsoft® Exchange, a folder name can contain a slash mark (/). To specify the folder, you must type the escape character backslash (\) before the slash mark.

1.To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.

2.Perform one of the following actions:

To turn on email message forwarding for folders, type besuseradminclient <credentials> -set_folder_redirection - er and the following parameters:

-u <user_name>

-b <instance>

-foldername <folder_name>

To turn off email message forwarding for folders, type besuseradminclient -set_folder_redirection <credentials> - dr and the following parameters:

-u <user_name>

-b <instance>

-foldername <folder_name>

Example: Turning on email message forwarding for a folder

besuseradminclient -username admin -password password1 -set_folder_redirection -u smoser@test.rim.net -b server01 - foldername Sent -er

Example: Turning off email message forwarding for a folder

besuseradminclient -username admin -password password1 -set_folder_redirection -u smoser@test.rim.net -b server01 - foldername Sent -dr

Example: Turning on email message forwarding for a folder using a folder name that contains a slash mark

besuseradminclient -username admin -password password1 -set_folder_redirection -u smoser@test.rim.net -b server01 - foldername Inbox\/subfolder1\/sub\/folder2 -er

24

Administration Guide

Managing IT policies and IT policy rules

Managing IT policies and IT policy rules

 

4

List the IT policy rules in an IT policy

1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.

2.Type besuseradminclient <credentials> -list -it_policy_rules and the following parameter:

• -it_policy <policy_name>

Example: Listing the IT policy rules and displaying them in an output file

besuseradminclient -username admin -password password -list -it_policy_rules -it_policy "Advanced Security" -o AdvancedSecurity.csv

Example output

Policy Name, Policy Group, Rule Name, Rule Value, Rule Type

Advanced Security, Device only, User Can Disable Password, No, BOOLEAN Advanced Security, Bluetooth, Disable Serial Port Profile, Yes, BOOLEAN Advanced Security, Security, Force Lock When Holstered, Yes, BOOLEAN Advanced Security, Password, Maximum Password History, 6, INTEGER

Advanced Security, Device only, Password Pattern Checks, At least 1 alpha and 1 numeric character, ENUMERATION: 0|No restriction|1|At least 1 alpha and 1 numeric character|2|At least 1 alpha, 1 numeric, and 1 special character|3|At least 1 upper-case alpha, 1 lower-case alpha, 1 numeric, and 1 special character

Advanced Security, Bluetooth, Disable File Transfer, Yes, BOOLEAN Advanced Security, Bluetooth, Disable Discoverable Mode, Yes, BOOLEAN

Advanced Security, Bluetooth, Require LED Connection Indicator, Yes, BOOLEAN Advanced Security, Device only, Enable Long-Term Timeout, Yes, BOOLEAN Advanced Security, Policy Information, IT Policy Name, Advanced Security, STRING Advanced Security, Security, Disable USB Mass Storage, Yes, BOOLEAN

Advanced Security, Security, Content Protection Strength, Strong, ENUMERATION: 0|Strong|1|Stronger|2|Strongest Advanced Security, Device only, User Can Change Timeout, Yes, BOOLEAN

25

Administration Guide

Set IT policy rules for a user account

Advanced Security, Security, External File System Encryption Level, Encrypt to User Password (excluding multi-media directories), ENUMERATION: 0|Not Required|1|Encrypt to User Password (excluding multi-media directories)|2|Encrypt to User Password (including multi-media directories)|3|Encrypt to Device Key (excluding multi-media directories)|4|Encrypt to Device Key (including multi-media directories)|5|Encrypt to User Password and Device Key (excluding multimedia directories)|6|Encrypt to User Password and Device Key (including multimedia directories)

Advanced Security, WLAN, WLAN Allow Handheld Changes, No, BOOLEAN Advanced Security, Device only, Maximum Security Timeout, 10, INTEGER Advanced Security, Bluetooth, Disable Address Book Transfer, Yes, BOOLEAN Advanced Security, Device only, Maximum Password Age, 30, INTEGER Advanced Security, Device only, Password Required, Yes, BOOLEAN

Set IT policy rules for a user account

1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.

2.Type besuseradminclient <credentials> -set_user_itpolicy_rule and the following parameters:

-u <user_name>

-b <instance>

-policyrule <rule_name>

-policyvalue <value>

Example: Specifying a single IT policy rule for a user account

besuseradminclient -username admin -password password -set_user_itpolicy_rule -u smoser@test.rim.net -b server01 - policyrule “VPN User Name” -policyvalue smoser

List the IT policies in the BlackBerry Configuration Database

1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.

2.Type besuseradminclient <credentials> -list -it_policies.

Example

besuseradminclient -username admin -password password -list -it_policies

26

+ 65 hidden pages