BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 01-30-2008, 04:35 PM   #1 (permalink)
BMC
New Member
 
Join Date: Jan 2008
Location: Lisbon
Model: 8100
PIN: N/A
Carrier: Optimus
Posts: 14
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Disable BlackBerry Desktop Manager throught BES IT Policy

Please Login to Remove!

Hi All,

Does anyone knows a way to disable the BlackBerry Desktop Manager from IT Policy ?

I'm currently using the following settings to mitigate the problem:

Desktop-Only Items:
Show Application Loader: False
Security Policy Group:
Desktop Backup: No databases
Disable USB Mass Storage: True
Disable External Memory: True
Desktop Policy Group:
Desktop Allow Desktop Add-ins: False
Desktop Allow Device Switch: False
Disable Media Manager: True

I notice when the BlackBerry Desktop Manager runs for the first time, i can do everything, even install applications but when i rerun the program again, most of the icons are gone. I expected this kind of behaviour on the first time.

Bottom line: I need to deploy 400 BB very soon and i'm trying to close all open doors, we're very concerned about security issues . Disable all USB connections will be perfect.

BES 4.1.4.12
Desktop Manager 4.3
Offline  
Old 01-30-2008, 05:03 PM   #2 (permalink)
CrackBerry Addict
 
Andi's Avatar
 
Join Date: May 2005
Location: Chicago
Model: 9700
OS: 6.0.0.448
Carrier: T-Mobile
Posts: 549
Post Thanks: 0
Thanked 4 Times in 4 Posts
Default

I think.... the IT policy won't be on a new blackberry until part way through the enterprise activation -- so that has to happen and then bb is connected to the PC to cause the polciy to come through the bb to the pc???

Sounds logical to me but....
Offline  
Old 01-30-2008, 05:06 PM   #3 (permalink)
iPhone Convert
 
juwaack68's Avatar
 
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,875
Post Thanks: 3
Thanked 72 Times in 55 Posts
Default

Until the Desktop Manager is associated with a device then the IT Policy won't have any affect on it. I think Andi hit the nail on the head.
__________________
No longer a BES Admin, but it was fun while it lasted!
Offline  
Old 01-30-2008, 07:02 PM   #4 (permalink)
BMC
New Member
 
Join Date: Jan 2008
Location: Lisbon
Model: 8100
PIN: N/A
Carrier: Optimus
Posts: 14
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Enterprise Activations are allways OTA.
I'm try to avoid my BB users connect their BBs on the PC, so simple as that
Offline  
Old 01-30-2008, 07:13 PM   #5 (permalink)
BlackBerry Extraordinaire
 
gibson_hg's Avatar
 
Join Date: Dec 2007
Model: NA
PIN: 80081ES
Carrier: NA
Posts: 1,006
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

You can't stop the installation of DTM through Policy, just limit it's uses. Even then they have to EA first and then cradle via the USB for it to apply to the DTM software on the Desktop.

Sounds like they have to connect with USB at some point, unless you outlaw the Desktop software

You could allow a basic install of just the Device Manager. It just installs the drivers so it can charge faster. There is no gui installed so they can't use Application Loader or anything for that matter, just charge it if the battery is low.
Offline  
Old 01-30-2008, 07:47 PM   #6 (permalink)
BMC
New Member
 
Join Date: Jan 2008
Location: Lisbon
Model: 8100
PIN: N/A
Carrier: Optimus
Posts: 14
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

I just can't deny wire access. The only think i can do is limit the use, but when DTM runs for the first time, anyone can do whatever they want, doesn't sound logical to me. Addicionally DTM policy setting are on 4 groups, doesn't sound logical to me either. And what about a IT Policy USB deny setting, who needs to charge connects to power...
Offline  
Old 01-31-2008, 06:17 AM   #7 (permalink)
Knows Where the Search Button Is
 
Join Date: Dec 2007
Model: 9630
PIN: N/A
Carrier: Sprint
Posts: 16
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by BMC View Post
Bottom line: I need to deploy 400 BB very soon and i'm trying to close all open doors, we're very concerned about security issues . Disable all USB connections will be perfect.

Isn't there some concern that if you lock down the BB so much that you might as well just give your users a pad of yellow legal paper and a pen and tell them "good luck"???

Security is one thing ... but there has to be some reasonable limit.
Offline  
Old 01-31-2008, 08:30 AM   #8 (permalink)
Wireless Sith Lord
 
DarthBBerry's Avatar
 
Join Date: Jan 2007
Location: Online
Model: iOS 6
Carrier: Verizon x2
Posts: 1,458
Post Thanks: 2
Thanked 27 Times in 22 Posts
Default

Quote:
Originally Posted by BMC View Post
Enterprise Activations are allways OTA.
I'm try to avoid my BB users connect their BBs on the PC, so simple as that
Word. I don't even tell my users about the DTM or the USB cable. I reinforce that everything is synched OTA and there isn't a need for the software or cable.

The less damage they can do to themselves, the less cleanup there is for me.
__________________
DarthBBerry
6-Time BlackBerry World Champion (2007-2012)
BlackBerry® Certified Support Specialist v5.0
BlackBerry® Certified System Administrator v5.0
Offline  
Old 02-01-2008, 12:18 AM   #9 (permalink)
BlackBerry Genius
 
hdawg's Avatar
 
Join Date: Aug 2006
Model: hdawg
PIN: port3101.org
Carrier: hdawg
Posts: 6,632
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Enterprise Activations are allways OTA
Really? So what is it called when I plug in my BB to a PC with Desktop Manager and activate?

I guess it might not be an Enterprise Activation ... no, it is.
Offline  
Old 02-01-2008, 03:59 AM   #10 (permalink)
Talking BlackBerry Encyclopedia
 
DavidAdams's Avatar
 
Join Date: Sep 2007
Location: Belfast
Model: NotYe
PIN: N/A
Carrier: O2
Posts: 470
Post Thanks: 2
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by DarthBBerry View Post
Word. I don't even tell my users about the DTM or the USB cable. I reinforce that everything is synched OTA and there isn't a need for the software or cable.

The less damage they can do to themselves, the less cleanup there is for me.
Glad to know someone else is also using the same logic i am. All my end users have been given is the BB and the mains charger.
__________________
BES, 4.1.7, was SBE now full BES
Domino v7.0.2
Windows Server 2003, standalone
Offline  
Old 02-01-2008, 10:22 AM   #11 (permalink)
BMC
New Member
 
Join Date: Jan 2008
Location: Lisbon
Model: 8100
PIN: N/A
Carrier: Optimus
Posts: 14
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by hdawg View Post
Really? So what is it called when I plug in my BB to a PC with Desktop Manager and activate?

I guess it might not be an Enterprise Activation ... no, it is.

Our EA...
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright © 2004-2014 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.