BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 03-02-2009, 03:10 PM   #1 (permalink)
Knows Where the Search Button Is
 
Join Date: Jan 2009
Model: 9000
PIN: N/A
Carrier: ATT
Posts: 28
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default stop a user from upgrading OS

Please Login to Remove!

Is there anyway I can block a user from upgrading the OS on their device? Or will they always be able to do it through their desktop software?

Thanks.
Offline  
Old 03-02-2009, 03:16 PM   #2 (permalink)
Retired BBF Moderator
 
Thatzmister2u's Avatar
 
Join Date: Feb 2007
Location: Nor Cal
Model: 9000
PIN: ups! ;)
Carrier: AT&T
Posts: 5,890
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by ekrengel View Post
Is there anyway I can block a user from upgrading the OS on their device? Or will they always be able to do it through their desktop software?

Thanks.
Sure! Start refusing to send a new EA after they blow their old one away! lol! I will wait for a BES Admin to respond with some real advice.
__________________
Unlocked | AT&T BES
*gasp* Un-protected...


www.horizonwirelessonline.com - Unlocks and Repairs
Offline  
Old 03-02-2009, 03:30 PM   #3 (permalink)
Knows Where the Search Button Is
 
Join Date: Jan 2009
Model: 9000
PIN: N/A
Carrier: ATT
Posts: 28
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

I wish it were that easy...
Offline  
Old 03-02-2009, 03:33 PM   #4 (permalink)
BlackBerry Extraordinaire
 
zero7404's Avatar
 
Join Date: Apr 2007
Location: tri-state
Model: 9530
OS: 5.0.0.328
PIN: n/a
Carrier: tmob
Posts: 1,097
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

staple their fingers to the desk ? that'll keep them from updating their phone
__________________
AIM//App World//BEIKS Dictionary//DataVault//GPS Tracker//MissingLight//QuickLaunch//StormLevel Pro//StormLight//Tetris//VA Wallpaper Changer
Offline  
Old 03-02-2009, 03:38 PM   #5 (permalink)
Knows Where the Search Button Is
 
Join Date: Jan 2009
Model: 9000
PIN: N/A
Carrier: ATT
Posts: 28
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Like maybe there is a option to only allow a user to sync with my BES if they have a .416 OS and below...
Offline  
Old 03-02-2009, 05:14 PM   #6 (permalink)
BlackBerry Extraordinaire
 
Frank Castle's Avatar
 
Join Date: Jul 2005
Location: MA
Model: 9930
PIN: PM Me!
Carrier: VZW
Posts: 1,073
Post Thanks: 0
Thanked 4 Times in 3 Posts
Default

Unsure why you would want users on the old OS.

Depending on what options you have at your disposal you can enforce no desktop manager on your desktops.

You can enforce the enterprise policy on BES but it doesn't allow you to restrict OS. You could prevent devices with newer OS but with 4.5 out for almost all current models it doesn't help.

Looking through the policies you could enabled - Show Application Loader to FALSE so they can't use DM. It's under Desktop Only items. This would still leave the BlackBerry - Update your Device Software and if they have admin rights they could load the web control. So unsure if you can lock down users that way or restrict USB ports.
Offline  
Old 03-02-2009, 05:19 PM   #7 (permalink)
BlackBerry Extraordinaire
 
CO_BBTechie's Avatar
 
Join Date: Jul 2007
Location: Denver
Model: 8310
Carrier: AT&T
Posts: 2,044
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

As was alluded to... you can prevent desktop manager use all together, or just the loader app. If you disable DM use, this would require wireless enterprise activation whenever an OS upgrade was done. As the BES admin, you can choose to deny an activation unless you approve of their OS level. You as the admin must set an activation password and communicate that password to the end user. No password = no BES activation.
__________________
Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.
Clifford Stoll
Offline  
Old 03-02-2009, 05:26 PM   #8 (permalink)
Knows Where the Search Button Is
 
Join Date: Jan 2009
Model: 9000
PIN: N/A
Carrier: ATT
Posts: 28
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks for the replies.

It's not that I want them on the old OS, I just want to prevent them from loading an OS that I do not approve of/not supported by the carrier, that is know to be buggy. Also, there is no reason to update the OS if there is nothing wrong with the current one! Unless there are some new features....

I know I can just not give him an activation password...but that is not feasible at the moment. I have to comply.

What we need is a written policy set in place that will underline these points...that way I can enforce it.

I set the application loader to false...we'll see how that goes.

Thanks.
Offline  
Old 03-02-2009, 05:30 PM   #9 (permalink)
New Member
 
jsconyers's Avatar
 
Join Date: Jul 2007
Location: In a van down by the river.
Model: NOTE2
OS: 4.1
PIN: <- Where do I find this?
Carrier: Sprint
Posts: 15,069
Post Thanks: 138
Thanked 139 Times in 120 Posts
Default

I am lucky enough that most of my users don't care enough to upgrade their OS. If they're interested in doing so, they generally ask me before anything. Disabling App Loader should help. However, they don't need desktop manager to load the OS any longer. They can use the loader.exe file that comes with the OS. I am not sure if setting that to false will disable that as well.
Offline  
Old 03-03-2009, 03:45 PM   #10 (permalink)
Knows Where the Search Button Is
 
Join Date: Jan 2009
Model: 9000
PIN: N/A
Carrier: ATT
Posts: 28
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

I think setting the BES application loader to false, and using Group Policy "hash rules" should do the trick

For the hash rules, I'm blocking:

loader.exe
application_loader.dll
BBWebSLLauncher.dll
ApploaderWebSL-Upgrade.msi
DesktopMgr.exe

There is no way around it now, even if you take yourself off the BES or try to use the web upgrade

They would have to take themselves off the domain, or hack the local admin password, which isn't going to happen.
Offline  
Old 03-03-2009, 03:49 PM   #11 (permalink)
BlackBerry Extraordinaire
 
CO_BBTechie's Avatar
 
Join Date: Jul 2007
Location: Denver
Model: 8310
Carrier: AT&T
Posts: 2,044
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by ekrengel View Post
I think setting the BES application loader to false, and using Group Policy "hash rules" should do the trick

For the hash rules, I'm blocking:

loader.exe
application_loader.dll
BBWebSLLauncher.dll
ApploaderWebSL-Upgrade.msi
DesktopMgr.exe

There is no way around it now, even if you take yourself off the BES or try to use the web upgrade

They would have to take themselves off the domain, or hack the local admin password, which isn't going to happen.
... or they could remove the IT policy from the device, and then perform the upgrade....

Of course then they would need to re-enterprise activate.
__________________
Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.
Clifford Stoll
Offline  
Old 03-03-2009, 03:54 PM   #12 (permalink)
Knows Where the Search Button Is
 
Join Date: Jan 2009
Model: 9000
PIN: N/A
Carrier: ATT
Posts: 28
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Even if they removed the IT policy from the device, I still don't think it would work. The hash rules would block any of the .exe/msi's from running.
Offline  
Old 03-03-2009, 03:59 PM   #13 (permalink)
BlackBerry Extraordinaire
 
CO_BBTechie's Avatar
 
Join Date: Jul 2007
Location: Denver
Model: 8310
Carrier: AT&T
Posts: 2,044
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by ekrengel View Post
Even if they removed the IT policy from the device, I still don't think it would work. The hash rules would block any of the .exe/msi's from running.
On their work system yes... but on an unrestricted desktop at home?
__________________
Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.
Clifford Stoll
Offline  
Old 03-03-2009, 04:01 PM   #14 (permalink)
Knows Where the Search Button Is
 
Join Date: Jan 2009
Model: 9000
PIN: N/A
Carrier: ATT
Posts: 28
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Yeah...that's where they would get you.
Offline  
Old 03-03-2009, 07:21 PM   #15 (permalink)
BlackBerry Extraordinaire
 
Frank Castle's Avatar
 
Join Date: Jul 2005
Location: MA
Model: 9930
PIN: PM Me!
Carrier: VZW
Posts: 1,073
Post Thanks: 0
Thanked 4 Times in 3 Posts
Default Well

You could always run inventory and send a note to those users that they are on an OS you don't support. Considering the amount of new devices coming out at some poiunt you will have devices with OS 4.5+ so you might want to revisit how often you validate OS versions.
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.