Remove IT Policy - Page 3 - BlackBerryForums.com : Your Number One BlackBerry Community

John Clark · **OS:** 4.6.1.250

Quote:

Originally Posted by CooCkieXP

Will this bin file work on DM 4.2 SP2?

Yes.

blackberry-guy · 06-27-2007, 01:42 AM

Quote:

Originally Posted by John Clark

Wirelessly posted (BB 8860: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) BlackBerry8100/4.2.1 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/100)

Yes, your issue is due to a leftover IT policy. As far as I know, there is no way to remove the firewalls. In order to access data you need a BB data plan. Without a BB data plan, no data. However, as you say it is sometimes possible to access the internet with Opera and a GPRS data plan. However, with the policy in place its very possible you will never be able to access this. The only way to remove all policy is to connect the BB back to a bes and push a new blank policy to it.

I'm running a blackberry on a pay as you go provider (boost mobile) and I'm using opera mini. I have an IT policy on my BB that I think is preventing me from using other apps like GMAIL (which can be used on other phones using boost). I would like to remove the IT policy and wipe my device to see if I can get GMAIL running.... but I'm afraid that if I change everything I could possibly end up losing the ability to run opera mini. Is there a way for me to back-up my current IT policy and revert back to my current state should this whole process fail and leave me worse off?

blackberry-guy

blackberry-guy · 06-27-2007, 01:45 AM

Quote:

Originally Posted by John Clark

OK...that's the first time you've mentioned the error message you're receiving. Posting that first would have made this easier. Unfortunatly, the remove IT policy procedure will not remove firewall restrictions that were put in place by a BES. The only way to do that is to reconnect to a BES and have a blank policy sent with no restrictions on firewall. Sorry.

Can't somebody come up with a blank policy with no restrictions for everyone to use and to install? What would it take?

blackberry-guy

John Clark · **OS:** 4.6.1.250

Quote:

Originally Posted by blackberry-guy

Can't somebody come up with a blank policy with no restrictions for everyone to use and to install? What would it take?

blackberry-guy

Good question!

blackberry-guy · 06-27-2007, 02:26 PM

Quote:

Originally Posted by John Clark

Good question!

And a question that I'm surprised that nobody seems to know the answer to.

Here's what I've been thinking about.....

Can "any" BES push a blank policy onto your blackberry, or just the BES that installed the restrictions to begin with? If any BES will work, then we would have a few options I think....

But you have to know what you're shooting for first;

A: (what exactly are the settings for a "new" blackberry)

If someone were connected to a BES, what would they need that BES to do for them to reset their device to a totally unlocked and "free" state? Basically, I'm asking; we would need a complete run down of all the settings of each blackberry model as they are set on a "new" fresh unit. We will be striving to reset all blackberry settings and policies to the same state they were when the unit was NEW.

B: (A method for loading the clean state onto a blackberry from a PC)

Can all of the settings of a "new" blackberry be saved and then loaded onto the device from a PC? By "settings", I'm talking about rewriting EVERYTHING back to the way it originally was on a brand new unit.

C: (If it's possible, where to get the "blank" settings)

Someone who has access to BES software might be able to create this "clean state" for us? Or someone using a BES who would like to help us. But, I have more questions....

If only the BES that installed the restrictions can remove them, how difficult would it be to create BES unlocking software. Basically, something that would figure out the BES settings that your device expects, then provide the BB with those settings (making the BB think it's connected to the original BES) so that you can send the "clean" state to it.

It really shouldn't be that big a deal to reset all the policies on a BB and wipe EVERYTHING back to a "new" state (as the unit was when it was new). This should be able to be done with sofware on your PC and not require connection to a BES, etc. Think about it, it CAN be done, we just have to figure out how to do it.

blackberry-guy

John Clark · **OS:** 4.6.1.250

Wirelessly posted (BB 8860: BlackBerry8100/4.2.1 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/100 UP.Browser/5.0.3.3 UP.Link/5.1.2.1)

That's exactly what the above policy.bin does. Its just that it doesn't unlock any application restrictions that have been locked out like keystroke injection.

blackberry-guy · 06-27-2007, 02:52 PM

Quote:

Originally Posted by John Clark

Wirelessly posted (BB 8860: BlackBerry8100/4.2.1 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/100 UP.Browser/5.0.3.3 UP.Link/5.1.2.1)

That's exactly what the above policy.bin does. Its just that it doesn't unlock any application restrictions that have been locked out like keystroke injection.

And nobody knows how to unlock the application restrictions? Do all the answers reside in the policy.bin file ALONE? Or would other files need to be rewritten?

By the way, this is an excellent thread and I very much appreciate your hard work on this issue (and for your time discussing this with me).

blackberry-guy

John Clark · **OS:** 4.6.1.250

Wirelessly posted (BB 8860: BlackBerry8100/4.2.1 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/100 UP.Browser/5.0.3.3 UP.Link/5.1.2.1)

Everything except the application restrictions. Nobody has been able to unlock them. I was thinking of doing a trial of Exchangemymail.com and seeing if that would unlock it. There is no way other than attaching to a BES.

blackberry-guy · 06-27-2007, 03:19 PM

Quote:

Originally Posted by John Clark

Wirelessly posted (BB 8860: BlackBerry8100/4.2.1 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/100 UP.Browser/5.0.3.3 UP.Link/5.1.2.1)

Everything except the application restrictions. Nobody has been able to unlock them. I was thinking of doing a trial of Exchangemymail.com and seeing if that would unlock it. There is no way other than attaching to a BES.

If you have the time, would you mind explaining what you hope to accomplish by using exchangemymail.com and HOW it will be accomplished? I'd like to get a better idea of exactly what needs to be done and what you're trying to do, so I can research this issue correctly.

What does attaching to a BES actually "DO" for your handheld that unlocks the restrictions? What does it change on the handheld and HOW does it do it?

Sorry for the stupid questions, I"m just trying to understand fully what a BES does for the handheld and why we can't FORCE those same changes without the BES.

blackberry-guy

Dawg · 04:20 PM

Quote:

Originally Posted by blackberry-guy

If you have the time, would you mind explaining what you hope to accomplish by using exchangemymail.com and HOW it will be accomplished? I'd like to get a better idea of exactly what needs to be done and what you're trying to do, so I can research this issue correctly.

What does attaching to a BES actually "DO" for your handheld that unlocks the restrictions? What does it change on the handheld and HOW does it do it?

Sorry for the stupid questions, I"m just trying to understand fully what a BES does for the handheld and why we can't FORCE those same changes without the BES.

blackberry-guy

Please take what I am about to say with a grain of salt, I would highly recommend that you sell that BB and buy a new one. You wont be happy with it, only because of the amount of work you are going to have to put into it.

I would highly suggest that you buy a new device so you wont be so frustrated.

What j is talking about is attaching another BES to the phone that installs anothe IT policy to it. That may remove the first one it may not. I would lean toward the second.

You cant force the existing BES off with out having the IT dept remove it or tryingto put a new one one which I dont think is possible.

Not to mention you are using boost so none of the features are going to work for you anyway. You can use it as a phone and a PDA but you wont be able to use BIS or any other intergraded feature of the BB

John Clark · **OS:** 4.6.1.250

Dawg is right. Many people have tried to get rid of these settings. Unfortunatly, these policies are put on for a reason and therefore are not easily taken off. The fact is that it's not possible to "remove" the policies. I believe that when the carriers or RIM refurbish they can remove them but not the end users. This thread is the best there is for making used BB's work. While it's good to be on the lookout for other methods we need to just live wth the fact that used BB's have their issues.

newbie100 · 06-28-2007, 07:53 AM

I have tried to read every message in this thread, but I cant seem to wonder why the following would not work.

1. I have a BB (8800 O/s 4.2) activated to a BES

2. I wiped / nuked the device.

3. Then the device was no longer activated to the BES. - So all policies should be wiped. Correct ???

I cant understand the need to download a policy.bin file.

Can someone please explain why the policy.bin file is needed ?

Thanks

gacek · 06-29-2007, 06:41 AM

Hi guys,

i read all threds in this post and try disabled IT Policy in my BB 8700g and i have a problem :( My BB works in ERA network Poland, my OS ver.4.1. So i downloaded file policy.bin, i make change in Windows register and gone according to John Clark tutorial's and i still do not load applications to my BB :/

Who can help me?

blackberry-guy · 07-01-2007, 10:02 PM

Quote:

Originally Posted by JoeIndy

John, sorry to hear that it didn't work. I did some looking and found a user manual for a Bluetooth Keyboard designed for BlackBerry's. There's a section for how to allow use of the keyboard through BES. But, it looks like something that isn't accessable to BES Express without going through the whole installation and everything... basically, another section of policies that isn't controlled through policy.bin.

BlueKeyboard Download - Download the manual, see page 26.

Best of luck getting it resolved. -- Joe

Another set of policies? I know I'm still totally ignorant when it comes to this issue, but I'm trying to gather info and learn. So basically, you're saying that the policy.bin file controls several MAIN functions, but not all. The other functions are controlled by OTHER policy files? My questions would then be this:

What settings exactly does policy.bin control, and what are the defaults that will be obtained by applying the blank policy.bin (please list them).

Also, what files then would control the OTHER policies and where might we obtain them in order to tinker with them.

blackberry-guy

John Clark · **OS:** 4.6.1.250

FYI: This is what's in the policy.bin posted above:

Code:

Policy.inf  - Management Configuration file for Desktop Software
;                
;
;  Notes: For comments a (;) must be at the beginning of the line
;         Use (\) for line continuation for strings
;            
;         Format:  Key = Value           
;                  Key {Policy } = value
;                  Key {Default} = value
;                  
;                  where: 'value'   can be an int, boolean or string.
;                         {Policy}  key is updated if different time stamp.
;                         {Default} key is updated only once.
;
;                  If no policy attribute {}, key will default to 'Default'
;
;***************************************************************************

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Desktop Manager Configuration
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; If application is shown on task bar.
HideWhenMinimized {default} = true

; Prompt the user when the Desktop Manager starts.
MessagePrompt {default} = Welcome to the Desktop Manager.

; To enable or disable the USB-Serial converter
EnableUSBconverter {default} = false

; Control whether the Application Loader is available to the user.
ShowApplicationLoader {default} = true

; Control whether if offline IT Policy warning prompt should be displayed.
ShowPolicyErrMsg {default} = true

; Control the length of time the device password is cached by Desktop Manager. (Minutes)
DesktopPasswordTimeout {policy} = 10

; This setting controls whether or not Desktop add-ins are permitted.
; When set to false, no desktop add-in code will be executed.
AllowDesktopAddIns {policy} = true

; Indicates whether or not the desktop software will allow the user to switch devices.
AllowDeviceSwitch {policy} = true

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Synchronization
;; Synchronize for PIM,Email and Folder Management defaults.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;


; This setting allows you to specify whether or not you would like PIM 
; information to be synchronized when the user selects the Synchronize Now 
; button from the Intellisync dialog.
SynchronizeNowPIM = true

; This setting allows you to specify whether or not you would like Email
; information to be synchronized when the user selects the Synchronize Now 
; button from the Intellisync dialog.
SynchronizeNowEmail = true

; This setting allows you to specify whether or not you would like the date and 
; time to be synchronized when the user selects the Synchronize Now button from 
; the Intellisync dialog.
SynchronizeNowDateTime = true

; This setting allows you to specify whether or not you would like PIM 
; information to be  to be automatically synchronized when the handheld 
; is connected to the PC.
AutoSynchronizePIM = false

; This setting allows you to specify whether or not you would like Email
; information to be  to be automatically synchronized when the handheld 
; is connected to the PC.
AutoSynchronizeEmail = false

; This setting allows you to specify whether or not you would like Date and Time
; information to be  to be automatically synchronized when the handheld 
; is connected to the PC.
AutoSynchronizeDateTime = false

; This setting allows you to specify whether or not you would like to synchronize 
; folders instead of performing an import.
SyncFoldersInsteadOfImport = true

; This setting allows you to specify how information conflicts between the handheld 
; and the PC encountered during synchronization are handled. If set to true, desktop 
; information is used. If set to false, handheld information is used.
FolderConflictDesktopWins = true

; This setting allows the enabling or disabling of wireless email reconcilation.
AllowWirelessEmailSynchronization = true

; This setting allows the wireless calendar synchronization functionality to be disabled.
DisableWirelessCalendar = false

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Redirector Settings
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; Append signature on out going messages
AutoSignature = -----------------\
Sent from my BlackBerry Handheld.

; Forwards messages to the handheld
ForwardMessagesToHandheld = true

; Allows user's to receive mail when handheld is connected to cradle
ForwardMessagesInCradle = false

; Setup filter rules for email redirection
FilterRuleFile = c:\myfilters.rfi
; When filter rules don't apply, forward or don't send messages
ForwardWhenRulesDontApply = true

; When sending a message from handheld, don't save a copy in my 'Sent Items' folder
DontSaveSentMessages = false

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Backup/Restore Configuration
;;
;; These value control the setting in "Backup and Restore Options" dialog
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; This value control the value of the "Automatically backup my handheld" setting
; in the options dialog, which is enables or disables prompted Automatic Backups.
AutoBackupEnabled = true

; This value indicates how often an AutoBackup is performed in days.
AutoBackupFrequency = 7

; This setting controls the exclusion of Email and synchronized data from the
; automatic backup. If set to true, the "Backup all handheld application data"
; radio button is selected.
AutoBackupIncludeAll = true

; This setting allows control over whether email is excluded from automatic backups
; (when AutoBackupIncludeAll is false).
AutoBackupExcludeEmail = false

; This setting allows control over whether synchronized application data is excluded
; from automatic backups (when AutoBackupIncludeAll is false). "Synchronized data" is
; that data which is configured for synchronization with Intellisync; this varies
; according to the user's preferences.
AutoBackupExcludeSync = false

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; WebLink Configuration
;;
;; These values control the appearance and behaviour of the WebLink extension.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; Setting this value to false prevents the WebLink icon from being displayed.
ShowWebLink = true

; This setting specifies the URL that will be used when the WebLink
; icon is activated.
WebLinkURL = www.your_network_here.com/go/downloads

; This setting controls the label that is displayed for the WebLink icon.
WebLinkLabel = Downloads

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Device Security Settings
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; Determine if the password is required on device
PasswordRequired {policy} = false

; Determine if the user can disable the password
UserCanDisablePassword {policy} = true

; Minimum length of the password.
; Valid range is 1 to 12 characters, inclusive.
;
; This value indicates the minimum length of an acceptable device
; security password.
MinPasswordLength {policy} = 4

; Password Pattern Checks
; Valid range is 0 or 1 at this time
;    0 -> no checks
;    1 -> ensure password has at least on letter and one digit
PasswordPatternChecks {policy} = 0

; Suppress Password Echo
;
; Option to disable password echo after x numbers of fail attempts to unlock handheld.
; false -> Disable
; true -> Enable
;
SuppressPasswordEcho {policy} = false

; Maximum device security timeout.
; Valid range is 1 to 60 minutes, inclusive.
;
; The handheld user is permitted to select any security timeout value
; less than this value.
MaxSecurityTimeout {policy} = 60

; Password Timeout
; Valid range is 0 to 60 minutes, inclusive.
;
; Set the effective password timeout on handheld.  This value must be 
; less than that of the MaxSecurityTimeout.
SetPasswordTimeout {policy} = 60

;
; If set, forces the device to the lock screen when it is holstered
ForceLockWhenHolstered {policy} = false

; Determine if the user can change the timeout
UserCanChangeTimeout {policy} = TRUE

; Password aging.
; Valid range is 0 to 365.
; 
; Specifying a value of 0 indicates password aging is disabled. Other
; values specify the maximum age of the password before the handheld
; user is prompted to change it.
MaxPasswordAgeInDays {policy} = 365

; Password History
; Valid range is 0 to 15
;
; Specify the number of passwords to retain for checking. Passwords in password history cannot be used when 
; setting a new handheld password.
;
MaximumPasswordHistory {policy} = 0


; Maximum Password Attempts
; Valid range is 3 to 10
;
; Set the maximum number of  password attempts on handheld. 
;
SetMaximumPasswordAttempts {policy} = 10

; Indicate if Long Term Security Timeout is enabled/disabled
;
; If true, handheld long term timeout is enabled
; If false, handheld long term timeout is disabled.
LongTermTimeoutEnable {policy} = false

; Attachment Viewing
;
; Controls the ability to view email attachments on the handheld.  
; If set to true then users can view attachments on the handheld 
AllowAttachmentViewing {policy} = true

; Policies that control the behaviour of third party applications
; on Java-based handhelds.
AllowThirdPartyUseSerialPort {policy} = true
AllowExternalConnections {policy} = true
AllowInternalConnections {policy} = true
AllowSplitPipeConnections {policy} = true
DisallowThirdPartyAppDownloads {policy} = false

; Policies that control the behaviour of the handheld Browser application
;
; DefaultBrowserConfigUID {default} = "BlackBerry Browser"
; MDSBrowserTitle {default} = "YourCompany Intranet"
; HomepageAddress {default} = www.your_network_here.com
; HomepageAddressReadOnly {policy} = true
; EnableWAPConfig {policy} = false


;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
; Policies that apply to the TLS protocol. 
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;


; TLS Disable Invalid Connection
; Disallow users to connect to a server with an invalid certificate (i.e revoked, expired, etc ).
; Value: 0=true,1=false,2=prompt on device
TLSDisableInvalidConnection {policy} = 1

; TLS Disable Untrusted Connection
; Prevent TLS connections to untrusted servers.
; Values: 0=true,1=false,2=prompt on device
TLSDisableUntrustedConnection {policy} = 2

; TLS Disable Weak Ciphers
; Disable use of weak ciphers during a TLS connection.
; Values: 0=true,1=false,2=prompt on device
TLSDisableWeakCiphers {policy} = 2

; TLS Minimum Strong DH Key Length,
; Valid range 512 to 4096
TLSMinimumStrongDHKeyLength {policy} = 1024

; TLS Minimum Strong ECC Key Length
; Valid range 160 to 571
TLSMinimumStrongECCKeyLength {policy} = 163

; TLS Minimum Strong RSA Key Length
; Valid range 512 to 4096
TLSMinimumStrongRSAKeyLength  {policy} = 1024

; Disable the use of any cipher that is not FIPS compliant.
TLSRestrictFIPSCiphers {policy} = false

; TLS Minimum Strong DSA Key Length
; 
; Set the minimum DSA key size allowed for use during a TLS connection.
; Range: 512 - 1024 bits in 64 bit increments
TLSMinimumStrongDSAKeyLength {policy} = 1024

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Messaging Settings.
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; Indicate if PIN to PIN messaging is permitted.
;
; If true, handheld users are permitted to use the PIN to PIN messaging
; feature. If false, this capability is hidden from the handheld user.
AllowPINtoPIN {policy} = true

; Indicate if the specification of BCC recipients is permitted.
;
; If true, handheld users can specify BCC recipients when composing messages.
; If false, this capability is unavailable to handheld users.
AllowBCCRecipients {policy} = true

; Indicate if SMS messaging is permitted.
;
; If true, handheld users are permitted to send SMS messages.
; If false, this capability is unavailable to handheld users.
AllowSMS {policy} = true

; Indicate if the RIM phone application can be used on the handheld.
;
; If true, handheld users are permitted to use the handheld's phone.
; If false, users are not permitted to use the handheld's phone.
AllowPhone {policy} = true

; Indicate if the RIM web browser can be used on the handheld.
;
; If true, handheld users are permitted to use the handheld's web browser.
; If false, users are not permitted to use the handheld's web browser.
AllowBrowser {policy} = true

; Indicate if other email services are permitted on the handheld.
;
; If false, no other email service books (other than the Enterprise
; edition one) are permitted on the handheld. Any other existing email
; service books are removed when the policy is installed; while the
; policy is in effect, other email service books will be rejected by the
; device. This forces all outbound email to be routed through the
; organization's BlackBerry Enterprise Server. 
;
; If true, no restrictions are applied to email service books.
AllowOtherEmailServices {policy} = true

; Indicate if other browser transport services are permitted on the handheld.
;
; If false, no other browser transport service books (other than the
; Enterprise edition one) are permitted on the handheld. In this case,
; any other existing browser transport service books are removed when the
; policy is installed; while the policy is in effect, other browser transport
; service books will be rejected by the device. This forces all browser
; traffic to be routed through the organization's BlackBerry Enterprise Server. 
;
; If true, no restrictions are applied to browser transport service books.
AllowOtherBrowserServices {policy} = true

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Owner Information
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; Owner Name - if value = '*' use the registry setting
OwnerName {default} = Research In Motion Ltd.

; Owner Info - if value = '*' use the registry setting
OwnerInfo {default} = Please return to RIM\
Phone # (519) 888-7465\
295 Phillip St\
Waterloo Ont\
N2L 3W8
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Other Info
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

blackberry-guy · 11:12 PM

Thanks very much for the in-depth breakdown of the contents of the policy.bin file!

It'll be intersting to see if we can also find out what files control the bluetooth stuff and firewall settings (that the policy file does not). And then also if we can manipulate them without needing to connect to a BES.

Then again, and I know this is a long shot, could it be that we could manipulate the OTHER settings (for bluetooth keyboard, etc.) by adding options within the policy.bin file that are currently not there? I know that the compiler may not offer other settings to be adjusted, but if those settings are indeed controlled from within policy.bin and the compiler simply doesn't offer the ability to set them, that doesn't mean that we might not be able to hack policy.bin with other settings. Of course, that would only work if those settings for bluetooth keyboard, firewall, etc. can be controlled via policy.bin. If they are, we might be able to hack them into the policy.bin file.

If those settings are controlled by other policy files, we need to find out which ones.

Thanks again!

blackberry-guy

John Clark · **OS:** 4.6.1.250

Many others have tried with no success.....Good luck!

mgmillsa · 07-02-2007, 06:16 PM

A simple method that we have found at my company is to install all the 3rd-party SW you want after you setup of the phone with the carrier, but before you activate with BES the first time. Probably not much use for most of you BES users, but will help for your next Blackberry.

WILEMORE · 07-02-2007, 07:31 PM

Any help on getting around the gps so that the company cant track me?

blackberry-guy · 07-03-2007, 06:22 AM

Quote:

Originally Posted by WILEMORE

Any help on getting around the gps so that the company cant track me?

Smash your blackberry with a hammer!

blackberry-guy

P.S. I wish I had some serious info for you.... maybe someone else will

RWM · 07-14-2007, 11:34 AM

Thanks, John. I hate to waste space with just a thank you, but you should know how much your efforts are helping the little people out here. Thanks again.

John Clark · **OS:** 4.6.1.250

Thanks! I didn't come up with this fix, however....I only reworded and posted here for everyone's convenience. I did create the policy.bin that is linked as people were unsure of the one posted on the internet. It has helped many many people, though.

cwonsey · **No Wipe Option - Newest O/S -** 07-21-2007, 01:24 PM

I do not have the option to Wipe in my security settings and I have upgraded to the latest Roger's O/S. Is it possible that the Wipe option is disabled by the policy on the device? If so, is there a way around this or am I SOL without finding a BES server?

smoosa · 07-30-2007, 08:59 PM

hey guys great article, but I am one of those unfortunates not to be able to have this thing work. I have done step by step and I still have not been able to remove the IT policy. I have a 7290 from Rogers. Upon pointing the key to the policy it still will not allow me to disable the firewall. There are options on how to reset the settings/save/cancel and that's it. The policy that was on here makes me change passwords on the blackberry every 30 days. I cannot also use google maps because of the firewall. I have the latest desktop manager software 4.2.2, and the latest 4.0 handheld code. I did try a j cmd to wipe the device first and then javaloader to load the software direct out of the box no luck. Then I followed the article step by step and still no luck :(, any other suggestions?

FourPetesake · **RIM Support said: -** 08-01-2007, 03:29 PM

I EBay'd a 7250 the other day which came with an ITPolicy on it. I was unable to send SMS, or download any applications from the web. Not knowing what the problem was I spent time on the phone with Verizon and RIM trying to get to the bottom of this. Then I found this thread and found it interesting. RIM said they would get back to me in 24 hours with a solution. I didn't want to go home and follow the procedure listed in this thread because the profile was not going to be completely removed. Well wouldn't you know, RIM sent me the identical procedure and an enclosed "profile.bin" and commented:

"Although an IT Policy cannot be removed from a BlackBerry, we can overwrite it with a less restrictive one. This will require that the handheld be wiped of all data, so please ensure that your handheld is backed up prior to starting."

There you have it, from the horses mouth.

-Four

John Clark · **OS:** 4.6.1.250

What is the "profile.bin" used for? Are you referring to policy.bin?

delyon · 08-11-2007, 02:30 PM

Ok maybe you can help me John. I bought a used 8300 Curve and I have an IT policy on it. I am also a mac user, so this will be a bit different.

I had the same issue with the security password enabled. I have an IT policy that says IT Policy Name: Password Policy (it also says last updated Jun 27,2007 12:41PM)

Now I have a unique problem that I have not seen here. When I try to sync it with my mac software the software asks for password. When I type in the password it doesnt accept it as being correct. And i can see this to be true when I check the blackberry it shows incorrect tries.

I use a program called Parallels Desktop to run windows Vista and I downloaded your post and followed the instructions to a T. When i try to activate the phone with the desktop manager it too asks for a password. I have tried in vain to get beyond this step. I have tried 4 zeros, 5 zeros, 1234. I have tried resetting the password on the phone, all to no luck.

Do you know of anyway around this? I think all that I need to do is validate the phone and then I can change the password to disabled and I should be ok.

Appreciate any help.

attlee · **cant work -** 09-19-2007, 02:49 AM

thanks your information regarding the removal of IT Policy, after following the procedure that you provided, I still cant remove the IT Policy of my 8707G, can let me know what has happened or in fact i cant apply the procedure for this model ? thanks

newbie100 · 09-19-2007, 04:02 AM

Ok, I have tried this, and it works for me :-

Create an online IMAP account if you dont have one.
Download and Install Free BES for MDS Trial version on WinXP pro.
Configure the BES server to use the IMAP server as part of the install.

Now, use the BES server to generate a password for your new device, and
then on the device, enter the IMAP4 email address and password.

This will associate your device with your very own 120 day trial BES server.
You can then reset all restrictive IT policies.

You need to wipe your handheld clean in order to associate with a new BES server.

It should still work after you uninstall the BES server.

Have not tried to disassociate the user from the BES server, but may do that before my 120 trial runs out to see what happens (i.e if it removes the IT policy).

John Clark · **OS:** 4.6.1.250

The policy.bin posted above came from BES express. The process here should give you the same policy without the need to install BES express or trial.

Mark Rejhon · 09-19-2007, 12:06 PM

I still have some other BlackBerries that do not come with Keystroke Injection support. These IT Policies do squat about that. And I'm told even downloading the BES Trial wouldn't help. (Unless the newer version fixes that yet?)

Anybody come up with a solution to re-enabling Keystroke Injection on BlackBerry devices, yet? I'd love to know. That'd finally permit Bluetooth keyboards to work on those BlackBerries again.

John Clark · 12:37 PM

Nothing that I know of Mark, short of adding it back to a BES that will push new application permission defaults back to the device. The keystroke injection is not included in the "IT policy." It's another control on the BES that disables it. When I added my Freedom keyboard the BES Admin had to put me into another application permission group (my terminolgoy may be off here as it was quite a while back.) I can use keystroke injection with that particular driver/app only. I can likely connect any BB to my account on BES and get that same policy pushed automatically. It would open up the keystroke injection for that particular driver.

Edit: He did say that there was a way to open up keystroke injection for anything but that he didn't want to do that. There are only two things our BES has locked. Keystroke injection and browser filters. Other than that they put no restrictive policy on our devices.

Mark Rejhon · 09-20-2007, 05:50 PM

I guess Keystroke Injection is highly secured, because of the dangers it poses: It can be used to secretly remotely access a BlackBerry, something you don't want hackers to do...

dotcalm1 · **THanks! -** 09-21-2007, 07:12 PM

It worked! Thank you

micmac · 09-22-2007, 09:09 AM

hi i have 8700v from vodafone i cannot install any appz because this policy
i followed all steps to remove it policy but without succes

i can remove the it policy in 8700v?????

John Clark · **OS:** 4.6.1.250

The policy can be removed on the 8700v. You must be doing something wrong somewhere in the process.

micmac · 09-22-2007, 09:19 AM

hi

no man, all steps is good
1- i putted policy.bin in C:\Program Files\Research In Motion\BlackBerry
2- i Wiped your Blackberry
3- i Closed the Desktop Manager
4- i do it this :
HKEY_Current_Users\Software\Research In Motion\BlackBerry\PolicyManager

Right-Click the Policy Manager Folder and select New/String Value. Name the value Path. Now, Double-Click the Path Subkey and set Value Data to:

C:\Program Files\Research In Motion\BlackBerry\policy.bin

5- Open the Desktop Manager.

6- Connect the Device.

i do it all this

what's wrong ???

bb8700v v4.2.1.101 (plate-forme 2.3.0.81)

micmac · 09-22-2007, 09:32 AM

hi

when i wipe my device always he need new password, i enter the new but i cannot disable it

plz i need ur help

micmac · 09-22-2007, 09:34 AM

and i c always this error when i want to install appz

A fatal error has occurred while updating your device's software. Please try again.

The following modules are not permitted to be loaded by your administrator:

xplayer.cod
xplayer_th_loader.cod
xplayer_theme_0.cod
xplayer_theme_1.cod
xfile.cod

dregnery · **Not going to use a BES -** 09-24-2007, 08:59 PM

I am not attached to a BES and will not use a BES. I will use the Desktop Redirect Connection, assuming I can remove the previous owners IT Policy.