BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 02-25-2008, 05:05 PM   #1 (permalink)
Knows Where the Search Button Is
 
Join Date: Feb 2006
Location: Montreal
Model: 8100
Carrier: Rogers
Posts: 25
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default IT Policy blocking OTA Software Configurations

Please Login to Remove!

Hello,
Our company recently deployed a very restrictive IT Policy. Since we've deployed the policy we are unable to push applications OTA. I've created a second IT Policy that has less restrictions such as enabling 3rd party apps but I am still unable to successfully push an app(in this case RSA software token). The only way I am able to push OTA is if I put the device into a non-resrtictive IT Policy, one with nothing enabled. My question is which setting in our Policy is preventing OTA installs (excluding the disabled 3rd party apps option)? Here are the settings...

HANDHELD POLICY SETTINGS:
IT Policy Name = "Secured Policy - Outgoing Call Enabled"
Password Required = TRUE
Allow Peer-to-Peer Messages = TRUE
Minimum Password Length = 6
User Can Disable Password = FALSE
Maximum Security Timeout = 20
Maximum Password Age = 90
User Can Change Timeout = TRUE
Password Pattern Checks = 0
Enable Long-Term Timeout = TRUE
Allow SMS = TRUE
Enable WAP Config = TRUE
Common Policy Group:
Disable MMS = TRUE
Set Owner Name = "Blackberry"
Set Owner Info =
IT Policy Notification = FALSE
Lock Owner Info = 3
Password Policy Group:
Periodic Challenge Time = 60
Maximum Password History = 5
Suppress Password Echo = TRUE
Set Maximum Password Attempts = 5
Set Password Timeout = 20
Security Policy Group:
Disable Public Social Networking Applications = TRUE
Disable Public Photo Sharing Applications = TRUE
Allow Smart Card Password Caching = FALSE
Disable IP Modem = FALSE
Disable Unverified Certificate Use = TRUE
Minimal Encryption Key Store Security Level = 2
Minimal Signing Key Store Security Level = 2
Disable Persisted Plain Text = TRUE
Disable 3DES Transport Crypto = FALSE
Disable Unverified CRLs = TRUE
Allow Outgoing Call When Locked = TRUE
FIPS Level = 2
Disable Forwarding Between Services = TRUE
Disable Radio When Cradled = 0
Disable Stale Status Use = TRUE
Certificate Status Maximum Expiry Time = 4
Disable Key Store Backup = TRUE
Disable Weak Certificate Use = TRUE
Disable Invalid Certificate Use = TRUE
Allow Split-Pipe Connections = FALSE
Allow External Connections = TRUE
Allow Internal Connections = TRUE
Allow Third Party Apps to Use Serial Port = TRUE
Disallow Third Party Application Downloads = TRUE
Certificate Status Cache Timeout = 1
Disable Key Store Low Security = TRUE
Disable Peer-to-Peer Normal Send = TRUE
Disable Message Normal Send = FALSE
Disable Revoked Certificate Use = TRUE
Disable Untrusted Certificate Use = TRUE
SMIME Application Policy Group:
SMIME Minimum Strong DSA Key Length = 1024
SMIME Allowed Content Ciphers = 00100001 (33)
SMIME Minimum Strong ECC Key Length = 163
SMIME Minimum Strong DH Key Length = 1024
SMIME Minimum Strong RSA Key Length = 1024
TLS Application Policy Group:
TLS Disable Invalid Connection = 0
TLS Minimum Strong ECC Key Length = 163
TLS Minimum Strong DH Key Length = 1024
TLS Minimum Strong RSA Key Length = 1024
TLS Disable Untrusted Connection = 0
TLS Disable Weak Ciphers = 0
Browser Policy Group:
Disable Java Script in Browser = TRUE

DESKTOP POLICY SETTINGS:
Show Application Loader = FALSE
Force Load Count = 0
Auto Backup Enabled = TRUE
Auto Backup Include All = TRUE
Show Web Link = FALSE
Do Not Save Sent Messages = FALSE
Desktop Policy Group:
Desktop Allow Device Switch = FALSE
Desktop Allow Desktop Add-ins = TRUE
Desktop Password Cache Timeout = 10
Service Exclusivity Policy Group:
Allow Public Yahoo! Messenger Services = FALSE
Allow Other Browser Services = TRUE
Offline  
Old 02-26-2008, 05:33 AM   #2 (permalink)
New Member
 
Join Date: Sep 2006
Model: 8700
Carrier: KPN
Posts: 13
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Disallow Third Party Application Downloads = TRUE

Set this to FALSE and try again.
Perhaps you first have to resend the policy to the affected device.
Offline  
Old 02-26-2008, 09:20 AM   #3 (permalink)
Knows Where the Search Button Is
 
Join Date: Feb 2006
Location: Montreal
Model: 8100
Carrier: Rogers
Posts: 25
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

I've already tried that as stated in my post.

(excluding the disabled 3rd party apps option)
Offline  
Old 02-27-2008, 10:23 AM   #4 (permalink)
Knows Where the Search Button Is
 
Join Date: Feb 2006
Location: Montreal
Model: 8100
Carrier: Rogers
Posts: 25
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Help

Someone? Anyone? HELP!
Offline  
Old 02-27-2008, 10:37 AM   #5 (permalink)
iPhone Convert
 
juwaack68's Avatar
 
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,875
Post Thanks: 3
Thanked 72 Times in 55 Posts
Default

What happens if you push the Default IT Policy to a test device and then try pushing the software config? Does it still fail?

I'm wondering if some security value (Firewall, perhaps) got changed with the restrictive IT Policy, and may have to be changed back manually....
__________________
No longer a BES Admin, but it was fun while it lasted!
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.