As a BES Admin, I need to ensure we are not allowing users to use desktop redirector from their computers. If a user has a BES device, we want to make sure they're on our BES where we can manage them! :smile:

I'm trying to figure out the best method for blocking the desktop redirector but I'm getting mixed answers. RIM advised that we can block the address, network@<hidden>. However, when I looked at an example of desktop redirector messages in a user's mailbox I noticed one had a 'From' address of, network@<hidden>####.etp.na.blackberry.net, and the other had a 'To' address of, network@<hidden>.

Is blocking it based on address the best way? If so, what addresses do I use?
Is making use of an Active Directory GPO a possibility? If so, what do we use for the config?
Has any other BES admin had the same issue/concern or successfully implemented a solution??

THANKS!!

No clue about BES..... But you might get a better response if you post this in the BES area :)

Ahhh thanks for the advice...first time posting and still trying to figure things out. I reposted in the technical section.

Plenty of helpful and friendly folks there to get you on your way! :)

I thought there was a BES policy that restricts the use of Desktop Redirector.

You are probably correct Sir, I don't know jack about BES... :)

The problem is if they're not on our BES and using desktop redirector, how would I be able to apply any IT policies on their device?

What I'm looking for is a solution on how to lock down the environment. We also support the Exchange and AD environment so I would be able to implement e-mail address blocks and/or a GPO. Just a little unsure as to what exactly needs to be done...

Do you have global admin rights to their desktops? Remove the software remotely and don't provide users access to install software from an Admin rights perspective?

If their not using your servers how are they getting past your security. Just block the server address RIM indicated and only allow the server you use for BB to get past any firewall. If you dont have a firewall why are you bothering with this.

Do you have global admin rights to their desktops? Remove the software remotely and don't provide users access to install software from an Admin rights perspective?Also... If you have the ability to scan for installed software, determine who has BDM installed and send them a notice that it is against company policy. Give them x amount of time to remove it before displinary actions are taken. You should be able to scan for DesktopMgr.exe.