Thanks!

What do you mean? Best practices, how to do it, what?

you could read the administration PDF. it pretty much goes into detail what each option does and doesn't do.

Yeah best practices. Sorry I wasn't clear.

Best practices... well, forcing passwords is a good idea. Preventing 3rd party apps from being loaded will prevent unnecessary junk from getting installed by your end-users (but, oh, they will complain... THEY WILL COMPLAIN!).
Anyhow, after that, you have to figure out what you want. The IT Policy is quite detailed...
I can't make the decisions for you, so you need to know what you want the users able to do, and unable to do. SMS text messages? Phone calls? Do either of those have an impact on the bottom line?

The admin guide has "Sample IT Policies" at the end of Appendix A

Not to mention that a 'best practices' should likely be applied using your current security policy as a guide. Just my two cents.

Well I was looking at the IT Policy, only thing I really see valuable is the passwords and restricting 3rd party apps. But hey they bought their own BB's, so what gives me the right to lock down any of them. lol

Cool guys, thanks for the info.

Regards,
Bryan

c'mon now bryan. you're an admin, so you're supposed to have a powertrip from time to time. but to answer that question, despite them having their own purchased handhelds, they still are on your network and still present a potential security risk by being open. i'm not sure where you're working now, but at your previous job, i can guarantee that they would agree with me.

Not specific to BBs, but to PDAs in general, go here:

http://www.rimroad.com/articles/2005...rity-Part.html

Well, the usual logic is that if they want to connect their device to your network, they have to abide by your policies... As a consultant, I find more and more of my clients implementing "Foreign Equipment Policies" which my own personal notebook has to conform to before I'm allowed to plug it into a piece of their Ethernet cable.

In the case of a Blackberry, there are two important factors... Firstly, it contains corporate e-mail, which in most organizations is easily deemed to be the property of the corporation. Secondly, if you have MDS enabled, the MDS Browser can access any web services inside your firewall, which makes the devices an even further security risk.

Good point! I didnt realize all the factors that could be at risk. Thank you for the pointers. Forgive me I am still learning as I go.

HAHA I know, Got to understand this company. This whole company is spoiled rotten, they get what they want. HAHA But that is no excuse. Thank you for the advice. I will be pushing out policys now. Thank you!

Regards,
Bryan

Well another thing, MDS is connected directly to the internet, not to any internal sites other than the exchange.

If MDS is on the corporate LAN, then it can access any of the intranet sites. Try it. You should be able to resolve any internal sites from the BB that has MDS enabled.