Disable BlackBerry Desktop Manager throught BES IT Policy
 

Hi All,

Does anyone knows a way to disable the BlackBerry Desktop Manager from IT Policy ?

I'm currently using the following settings to mitigate the problem:

Desktop-Only Items:
Show Application Loader: False
Security Policy Group:
Desktop Backup: No databases
Disable USB Mass Storage: True
Disable External Memory: True
Desktop Policy Group:
Desktop Allow Desktop Add-ins: False
Desktop Allow Device Switch: False
Disable Media Manager: True

I notice when the BlackBerry Desktop Manager runs for the first time, i can do everything, even install applications but when i rerun the program again, most of the icons are gone. I expected this kind of behaviour on the first time.

Bottom line: I need to deploy 400 BB very soon and i'm trying to close all open doors, we're very concerned about security issues . Disable all USB connections will be perfect.

BES 4.1.4.12
Desktop Manager 4.3

I think.... the IT policy won't be on a new blackberry until part way through the enterprise activation -- so that has to happen and then bb is connected to the PC to cause the polciy to come through the bb to the pc???

Sounds logical to me but....

Until the Desktop Manager is associated with a device then the IT Policy won't have any affect on it. I think Andi hit the nail on the head.

Enterprise Activations are allways OTA.
I'm try to avoid my BB users connect their BBs on the PC, so simple as that

You can't stop the installation of DTM through Policy, just limit it's uses. Even then they have to EA first and then cradle via the USB for it to apply to the DTM software on the Desktop.

Sounds like they have to connect with USB at some point, unless you outlaw the Desktop software :shock:

You could allow a basic install of just the Device Manager. It just installs the drivers so it can charge faster. There is no gui installed so they can't use Application Loader or anything for that matter, just charge it if the battery is low.

I just can't deny wire access. The only think i can do is limit the use, but when DTM runs for the first time, anyone can do whatever they want, doesn't sound logical to me. Addicionally DTM policy setting are on 4 groups, doesn't sound logical to me either. And what about a IT Policy USB deny setting, who needs to charge connects to power...

Isn't there some concern that if you lock down the BB so much that you might as well just give your users a pad of yellow legal paper and a pen and tell them "good luck"???

Security is one thing ... but there has to be some reasonable limit.

Word. I don't even tell my users about the DTM or the USB cable. I reinforce that everything is synched OTA and there isn't a need for the software or cable.

:idea: The less damage they can do to themselves, the less cleanup there is for me.

Really? So what is it called when I plug in my BB to a PC with Desktop Manager and activate?

I guess it might not be an Enterprise Activation ... no, it is.

Glad to know someone else is also using the same logic i am. All my end users have been given is the BB and the mains charger.

Our EA...