Originally Posted by alitaff
hi can you advise exactly which IT policies to set on the BES to 'lock down' the devices. I a new BES admin and have only just started getting to grips with IT policies.
This is what I have set, but currently we DO let users download software. In addition to the settings below, you would want set:
Disallow Third Party Application Downloads = True
This is my IT Policy, but it may not work for you. I recomend using the Admin Guide to determine what settings are best for your environment.
HANDHELD POLICY SETTINGS:
IT Policy Name = "<companyname> Policy"
Password Required = TRUE
Minimum Password Length = 4
User Can Disable Password = FALSE
User Can Change Timeout = TRUE
Enable Long-Term Timeout = TRUE
Home Page Address = "http://<mybesserver>"
Enable WAP Config = FALSE
Password Policy Group:
Forbidden Passwords = ""1234", "2345", "3456", "password", "Password" "
Periodic Challenge Time = 60
Duress Notification Address = "<myemailaddress>"
Set Maximum Password Attempts = 8
Set Password Timeout = 60
Security Policy Group:
Disable Unverified Certificate Use = TRUE
Desktop Backup = 1
Allow Outgoing Call When Locked = FALSE
Disable Forwarding Between Services = TRUE
Disable Radio When Cradled = 1
Disable Weak Certificate Use = TRUE
Disable Invalid Certificate Use = TRUE
Allow Split-Pipe Connections = FALSE
Allow External Connections = FALSE
Allow Third Party Apps to Use Persistent Store = FALSE
Allow Third Party Apps to Use Serial Port = FALSE
Key Store Password Maximum Timeout = 60
Disable Key Store Low Security = TRUE
Disable Revoked Certificate Use = TRUE
Disable Untrusted Certificate Use = TRUE
Memory Cleaner Policy Group:
Force Memory Clean When Idle = TRUE
Memory Cleaner Maximum Idle Time = 60
Browser Policy Group:
Allow IBS Browser = FALSE
MDS Browser Title = "<companyname> Web Browser"
Bluetooth Policy Group:
Require Password for Discoverable Mode = TRUE
Require Password for enabling Bluetooth Support = TRUE
Disable Wireless Bypass = TRUE
Allow Outgoing Calls = 1
Disable Discoverable Mode = TRUE
BlackBerry Messenger Policy Group:
Messenger Audit Max Report Interval = 1
Messenger Audit Email Address = "<myemailaddress>"
DESKTOP POLICY SETTINGS:
Show Application Loader = FALSE
Force Load Count = 0
Auto Backup Enabled = TRUE
Auto Backup Frequency = 1
Auto Backup Include All = TRUE
Do Not Save Sent Messages = FALSE