BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 08-03-2010, 02:32 AM   #1 (permalink)
Thumbs Must Hurt
 
Orinoko's Avatar
 
Join Date: Mar 2007
Location: Manchester, UK
Model: Z10
Carrier: O2
Posts: 133
Post Thanks: 3
Thanked 0 Times in 0 Posts
Lightbulb BES 5.0 policy recommendations

Please Login to Remove!

Hi,

I'm designing our new BES5.0 cut-over system and I would like to take advantage of the IT policy inheritance features and i'm trying to get my head around it.

I've struggled to find any in-depth documentation on this subject so if anyone can point me in the right direction that would be great.

Firstly, am I right in thinking that a group can only have one policy 'directly' applied to it?

What I want to do is have one base policy for all users/devices and then tag on extra policies for certain users that, for example, force encryption or add a Wifi profile.

If a group can only have one policy am I better using child groups or assigning multiple groups to users?

I've noticed that if a group is in a child group for several groups all the other groups are added as 'indirect groups' on my users. Is this right?

Another question. What are the point of Wifi profiles? I don't seem to be able to apply these to IT policies or groups, only users.


Thanks!

Last edited by Orinoko : 08-03-2010 at 02:35 AM.
Offline  
Old 08-03-2010, 07:59 AM   #2 (permalink)
Talking BlackBerry Encyclopedia
 
cyclmpc's Avatar
 
Join Date: Nov 2008
Location: DC
Model: 9800
OS: 6.0.0.141
PIN: N/A
Carrier: ATT
Posts: 217
Post Thanks: 2
Thanked 2 Times in 2 Posts
Default

In BES 5.0 SP2, Admin Guide - Exchange enviroment. http://docs.blackberry.com/en/admin/...1-5.0.2-US.pdf

check out page 49.

Then check out the Policy Reference Guide. http://docs.blackberry.com/en/admin/...1-5.0.2-US.pdf

The properties at the individual level override the properties at the group level.
The properties at the group level override the properties at the domain level.

If I understand what you want to do, you can assign domain level properties for all of your users. Then, for your certain users that you decide have additional needs, assign them a group with your force encryption and wifi profile policies.

The Wifi item on policy should just be an option that you configure within a certain policy as well as tab on the specific user. The wifi options on the policy are much more robust. Once it is defined on the policy, you can then assign that policy to a group. Then that group gets assigned to a user and it will make its way to the device. What exactly are you experiencing?
__________________
I'm actually lost...
Offline  
Old 08-03-2010, 08:37 AM   #3 (permalink)
Thumbs Must Hurt
 
Orinoko's Avatar
 
Join Date: Mar 2007
Location: Manchester, UK
Model: Z10
Carrier: O2
Posts: 133
Post Thanks: 3
Thanked 0 Times in 0 Posts
Default

Thanks very useful! I had migrated my test users I had assigned a policy to the user and this was overiding my group settings. I removed the explict groups and its working as I would expect now. Cheers.
Offline  
Old 08-04-2010, 05:08 AM   #4 (permalink)
Thumbs Must Hurt
 
Orinoko's Avatar
 
Join Date: Mar 2007
Location: Manchester, UK
Model: Z10
Carrier: O2
Posts: 133
Post Thanks: 3
Thanked 0 Times in 0 Posts
Default

Hi, just another quick question.

I've got a base group for the default policy that everyone is in. Then I've got another group, say "9700 devices" that applies the WLAN policy. If I then add a child group with another policy attached into the "9700 devices" group just this policy apply.

At present I can only see the default and WLAN policies applying.

Cheers.
Offline  
Old 08-04-2010, 07:05 AM   #5 (permalink)
Talking BlackBerry Encyclopedia
 
cyclmpc's Avatar
 
Join Date: Nov 2008
Location: DC
Model: 9800
OS: 6.0.0.141
PIN: N/A
Carrier: ATT
Posts: 217
Post Thanks: 2
Thanked 2 Times in 2 Posts
Default

Assigning groups to other groups will share the properties of the parent group with the users in the child group.

If I read your post right, I think you are trying to assign a child group and apply it to the parent group. Am I reading that wrong?
__________________
I'm actually lost...
Offline  
Old 08-04-2010, 09:09 AM   #6 (permalink)
Thumbs Must Hurt
 
Orinoko's Avatar
 
Join Date: Mar 2007
Location: Manchester, UK
Model: Z10
Carrier: O2
Posts: 133
Post Thanks: 3
Thanked 0 Times in 0 Posts
Default

Ah, i'm trying to assign child groups to add policies to members of the main group.
What is the best way to assign multiple polices to users?

And another quick question, is the 'default' policy linked to the domain the same as the 'default' policy in the policy list?

If so does this mean I can ditch my "base" group that applies the 'default' policy to users?

Sorry for asking seemingly simple questions!!

Last edited by Orinoko : 08-04-2010 at 09:13 AM.
Offline  
Old 08-05-2010, 06:48 AM   #7 (permalink)
Talking BlackBerry Encyclopedia
 
cyclmpc's Avatar
 
Join Date: Nov 2008
Location: DC
Model: 9800
OS: 6.0.0.141
PIN: N/A
Carrier: ATT
Posts: 217
Post Thanks: 2
Thanked 2 Times in 2 Posts
Default

Yes, the default policy on the BAS is what your users will be hit with when you activate them. There is no need to add another default policy for this purpose.

To assist you more, I'm curious. What is your environment like to require so many smaller policies associated with multiple groups? Usually, you create groups to identify 'like' users and make the assigment of a policy to the group instead of the individual. I feel as if you are trying to assing multiple policies to groups, which is backwards and something you cannot do.
__________________
I'm actually lost...
Offline  
Old 08-05-2010, 11:36 AM   #8 (permalink)
Thumbs Must Hurt
 
Orinoko's Avatar
 
Join Date: Mar 2007
Location: Manchester, UK
Model: Z10
Carrier: O2
Posts: 133
Post Thanks: 3
Thanked 0 Times in 0 Posts
Default

Our environment is quite simple really, only about 1000 users.

My plan was to create a few different groups, each to suit either a group of users or devices capabilities. For example I was going to have an OCS deployment group, a corporate WiFi group, a encrypted group etc. etc. I'm guessing this is a bad idea?

In a simple sense if I put all my common settings in the default policy linked to the domain and then add a user to a group with a WiFi policy attached should both the default and wifi policy settings apply?
Offline  
Old 08-05-2010, 02:41 PM   #9 (permalink)
Talking BlackBerry Encyclopedia
 
cyclmpc's Avatar
 
Join Date: Nov 2008
Location: DC
Model: 9800
OS: 6.0.0.141
PIN: N/A
Carrier: ATT
Posts: 217
Post Thanks: 2
Thanked 2 Times in 2 Posts
Default

My suggestion is this. You have your default Policy and you base any additional policies off of your default policy. That will dictate how many policies you will have. You simply copy the default policy and add/remove options as needed for your specific groups.

I'm not a big fan of doing policy by device capability. People change devices all of the time. Device capabilities change. I suppose there is something to be said to control devices to that level, but it does not seem like you need that in your environment. The management console is used to make your life easier, not to add layers of complexity. In my mind, creating policies for groups as well as device capabilities is adding work.
__________________
I'm actually lost...
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.