Disable BlackBerry Desktop Manager throught BES IT Policy
Hi All,
Does anyone knows a way to disable the BlackBerry Desktop Manager from IT Policy ? I'm currently using the following settings to mitigate the problem: Desktop-Only Items: Show Application Loader: False Security Policy Group: Desktop Backup: No databases Disable USB Mass Storage: True Disable External Memory: True Desktop Policy Group: Desktop Allow Desktop Add-ins: False Desktop Allow Device Switch: False Disable Media Manager: True I notice when the BlackBerry Desktop Manager runs for the first time, i can do everything, even install applications but when i rerun the program again, most of the icons are gone. I expected this kind of behaviour on the first time. Bottom line: I need to deploy 400 BB very soon and i'm trying to close all open doors, we're very concerned about security issues . Disable all USB connections will be perfect. BES 4.1.4.12 Desktop Manager 4.3 |
I think.... the IT policy won't be on a new blackberry until part way through the enterprise activation -- so that has to happen and then bb is connected to the PC to cause the polciy to come through the bb to the pc???
Sounds logical to me but.... |
Until the Desktop Manager is associated with a device then the IT Policy won't have any affect on it. I think Andi hit the nail on the head.
|
Enterprise Activations are allways OTA.
I'm try to avoid my BB users connect their BBs on the PC, so simple as that |
You can't stop the installation of DTM through Policy, just limit it's uses. Even then they have to EA first and then cradle via the USB for it to apply to the DTM software on the Desktop.
Sounds like they have to connect with USB at some point, unless you outlaw the Desktop software :shock: You could allow a basic install of just the Device Manager. It just installs the drivers so it can charge faster. There is no gui installed so they can't use Application Loader or anything for that matter, just charge it if the battery is low. |
I just can't deny wire access. The only think i can do is limit the use, but when DTM runs for the first time, anyone can do whatever they want, doesn't sound logical to me. Addicionally DTM policy setting are on 4 groups, doesn't sound logical to me either. And what about a IT Policy USB deny setting, who needs to charge connects to power...
|
Quote:
Isn't there some concern that if you lock down the BB so much that you might as well just give your users a pad of yellow legal paper and a pen and tell them "good luck"??? Security is one thing ... but there has to be some reasonable limit. |
Quote:
:idea: The less damage they can do to themselves, the less cleanup there is for me. |
Quote:
I guess it might not be an Enterprise Activation ... no, it is. |
Quote:
|
Quote:
Our EA... |
All times are GMT -5. The time now is 12:10 PM. |
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.