BlackBerry Forums Support Community               

Reply
 
LinkBack Thread Tools
Old 06-26-2007, 02:13 AM   #81 (permalink)
BBF Moderator
 
John Clark's Avatar
 
Join Date: Jun 2005
Model: Z30
OS: 10.2.1.x
PIN: s & needles
Carrier: AT&T
Posts: 34,667
Post Thanks: 1
Thanked 84 Times in 65 Posts
Default

Please Login to Remove!

Quote:
Originally Posted by CooCkieXP View Post
Will this bin file work on DM 4.2 SP2?
Yes.
Offline   Reply With Quote
Old 06-27-2007, 12:42 AM   #82 (permalink)
Knows Where the Search Button Is
 
Join Date: Jun 2007
Model: 7520
PIN: N/A
Carrier: Boost Mobile
Posts: 43
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by John Clark View Post
Wirelessly posted (BB 8860: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) BlackBerry8100/4.2.1 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/100)

Yes, your issue is due to a leftover IT policy. As far as I know, there is no way to remove the firewalls. In order to access data you need a BB data plan. Without a BB data plan, no data. However, as you say it is sometimes possible to access the internet with Opera and a GPRS data plan. However, with the policy in place its very possible you will never be able to access this. The only way to remove all policy is to connect the BB back to a bes and push a new blank policy to it.
I'm running a blackberry on a pay as you go provider (boost mobile) and I'm using opera mini. I have an IT policy on my BB that I think is preventing me from using other apps like GMAIL (which can be used on other phones using boost). I would like to remove the IT policy and wipe my device to see if I can get GMAIL running.... but I'm afraid that if I change everything I could possibly end up losing the ability to run opera mini. Is there a way for me to back-up my current IT policy and revert back to my current state should this whole process fail and leave me worse off?

blackberry-guy
Offline   Reply With Quote
Old 06-27-2007, 12:45 AM   #83 (permalink)
Knows Where the Search Button Is
 
Join Date: Jun 2007
Model: 7520
PIN: N/A
Carrier: Boost Mobile
Posts: 43
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by John Clark View Post
OK...that's the first time you've mentioned the error message you're receiving. Posting that first would have made this easier. Unfortunatly, the remove IT policy procedure will not remove firewall restrictions that were put in place by a BES. The only way to do that is to reconnect to a BES and have a blank policy sent with no restrictions on firewall. Sorry.
Can't somebody come up with a blank policy with no restrictions for everyone to use and to install? What would it take?

blackberry-guy
Offline   Reply With Quote
Old 06-27-2007, 02:01 AM   #84 (permalink)
BBF Moderator
 
John Clark's Avatar
 
Join Date: Jun 2005
Model: Z30
OS: 10.2.1.x
PIN: s & needles
Carrier: AT&T
Posts: 34,667
Post Thanks: 1
Thanked 84 Times in 65 Posts
Default

Quote:
Originally Posted by blackberry-guy View Post
Can't somebody come up with a blank policy with no restrictions for everyone to use and to install? What would it take?

blackberry-guy
Good question!
Offline   Reply With Quote
Old 06-27-2007, 01:26 PM   #85 (permalink)
Knows Where the Search Button Is
 
Join Date: Jun 2007
Model: 7520
PIN: N/A
Carrier: Boost Mobile
Posts: 43
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by John Clark View Post
Good question!
And a question that I'm surprised that nobody seems to know the answer to.

Here's what I've been thinking about.....

Can "any" BES push a blank policy onto your blackberry, or just the BES that installed the restrictions to begin with? If any BES will work, then we would have a few options I think....

But you have to know what you're shooting for first;

A: (what exactly are the settings for a "new" blackberry)

If someone were connected to a BES, what would they need that BES to do for them to reset their device to a totally unlocked and "free" state? Basically, I'm asking; we would need a complete run down of all the settings of each blackberry model as they are set on a "new" fresh unit. We will be striving to reset all blackberry settings and policies to the same state they were when the unit was NEW.

B: (A method for loading the clean state onto a blackberry from a PC)

Can all of the settings of a "new" blackberry be saved and then loaded onto the device from a PC? By "settings", I'm talking about rewriting EVERYTHING back to the way it originally was on a brand new unit.

C: (If it's possible, where to get the "blank" settings)

Someone who has access to BES software might be able to create this "clean state" for us? Or someone using a BES who would like to help us. But, I have more questions....

If only the BES that installed the restrictions can remove them, how difficult would it be to create BES unlocking software. Basically, something that would figure out the BES settings that your device expects, then provide the BB with those settings (making the BB think it's connected to the original BES) so that you can send the "clean" state to it.

It really shouldn't be that big a deal to reset all the policies on a BB and wipe EVERYTHING back to a "new" state (as the unit was when it was new). This should be able to be done with sofware on your PC and not require connection to a BES, etc. Think about it, it CAN be done, we just have to figure out how to do it.

blackberry-guy
Offline   Reply With Quote
Old 06-27-2007, 01:35 PM   #86 (permalink)
BBF Moderator
 
John Clark's Avatar
 
Join Date: Jun 2005
Model: Z30
OS: 10.2.1.x
PIN: s & needles
Carrier: AT&T
Posts: 34,667
Post Thanks: 1
Thanked 84 Times in 65 Posts
Default

Wirelessly posted (BB 8860: BlackBerry8100/4.2.1 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/100 UP.Browser/5.0.3.3 UP.Link/5.1.2.1)

That's exactly what the above policy.bin does. Its just that it doesn't unlock any application restrictions that have been locked out like keystroke injection.
Offline   Reply With Quote
Old 06-27-2007, 01:52 PM   #87 (permalink)
Knows Where the Search Button Is
 
Join Date: Jun 2007
Model: 7520
PIN: N/A
Carrier: Boost Mobile
Posts: 43
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by John Clark View Post
Wirelessly posted (BB 8860: BlackBerry8100/4.2.1 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/100 UP.Browser/5.0.3.3 UP.Link/5.1.2.1)

That's exactly what the above policy.bin does. Its just that it doesn't unlock any application restrictions that have been locked out like keystroke injection.
And nobody knows how to unlock the application restrictions? Do all the answers reside in the policy.bin file ALONE? Or would other files need to be rewritten?

By the way, this is an excellent thread and I very much appreciate your hard work on this issue (and for your time discussing this with me).

blackberry-guy
Offline   Reply With Quote
Old 06-27-2007, 01:55 PM   #88 (permalink)
BBF Moderator
 
John Clark's Avatar
 
Join Date: Jun 2005
Model: Z30
OS: 10.2.1.x
PIN: s & needles
Carrier: AT&T
Posts: 34,667
Post Thanks: 1
Thanked 84 Times in 65 Posts
Default

Wirelessly posted (BB 8860: BlackBerry8100/4.2.1 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/100 UP.Browser/5.0.3.3 UP.Link/5.1.2.1)

Everything except the application restrictions. Nobody has been able to unlock them. I was thinking of doing a trial of Exchangemymail.com and seeing if that would unlock it. There is no way other than attaching to a BES.
Offline   Reply With Quote
Old 06-27-2007, 02:19 PM   #89 (permalink)
Knows Where the Search Button Is
 
Join Date: Jun 2007
Model: 7520
PIN: N/A
Carrier: Boost Mobile
Posts: 43
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by John Clark View Post
Wirelessly posted (BB 8860: BlackBerry8100/4.2.1 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/100 UP.Browser/5.0.3.3 UP.Link/5.1.2.1)

Everything except the application restrictions. Nobody has been able to unlock them. I was thinking of doing a trial of Exchangemymail.com and seeing if that would unlock it. There is no way other than attaching to a BES.
If you have the time, would you mind explaining what you hope to accomplish by using exchangemymail.com and HOW it will be accomplished? I'd like to get a better idea of exactly what needs to be done and what you're trying to do, so I can research this issue correctly.

What does attaching to a BES actually "DO" for your handheld that unlocks the restrictions? What does it change on the handheld and HOW does it do it?

Sorry for the stupid questions, I"m just trying to understand fully what a BES does for the handheld and why we can't FORCE those same changes without the BES.

blackberry-guy
Offline   Reply With Quote
Old 06-27-2007, 03:18 PM   #90 (permalink)
No longer Registered.
 
Dawg's Avatar
 
Join Date: Mar 2005
Location: Atlanta
Model: 8330
OS: 4.5.0.138
PIN: 31a6c9c9
Carrier: Verizon BIS
Posts: 13,963
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by blackberry-guy View Post
If you have the time, would you mind explaining what you hope to accomplish by using exchangemymail.com and HOW it will be accomplished? I'd like to get a better idea of exactly what needs to be done and what you're trying to do, so I can research this issue correctly.

What does attaching to a BES actually "DO" for your handheld that unlocks the restrictions? What does it change on the handheld and HOW does it do it?

Sorry for the stupid questions, I"m just trying to understand fully what a BES does for the handheld and why we can't FORCE those same changes without the BES.

blackberry-guy
Please take what I am about to say with a grain of salt, I would highly recommend that you sell that BB and buy a new one. You wont be happy with it, only because of the amount of work you are going to have to put into it.

I would highly suggest that you buy a new device so you wont be so frustrated.

What j is talking about is attaching another BES to the phone that installs anothe IT policy to it. That may remove the first one it may not. I would lean toward the second.

You cant force the existing BES off with out having the IT dept remove it or tryingto put a new one one which I dont think is possible.

Not to mention you are using boost so none of the features are going to work for you anyway. You can use it as a phone and a PDA but you wont be able to use BIS or any other intergraded feature of the BB

Last edited by Dawg : 06-27-2007 at 03:20 PM.
Offline   Reply With Quote
Old 06-28-2007, 02:29 AM   #91 (permalink)
BBF Moderator
 
John Clark's Avatar
 
Join Date: Jun 2005
Model: Z30
OS: 10.2.1.x
PIN: s & needles
Carrier: AT&T
Posts: 34,667
Post Thanks: 1
Thanked 84 Times in 65 Posts
Default

Dawg is right. Many people have tried to get rid of these settings. Unfortunatly, these policies are put on for a reason and therefore are not easily taken off. The fact is that it's not possible to "remove" the policies. I believe that when the carriers or RIM refurbish they can remove them but not the end users. This thread is the best there is for making used BB's work. While it's good to be on the lookout for other methods we need to just live wth the fact that used BB's have their issues.
Offline   Reply With Quote
Old 06-28-2007, 06:53 AM   #92 (permalink)
Knows Where the Search Button Is
 
Join Date: Jun 2007
Model: 8800
PIN: N/A
Carrier: o2
Posts: 38
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

I have tried to read every message in this thread, but I cant seem to wonder why the following would not work.

1. I have a BB (8800 O/s 4.2) activated to a BES

2. I wiped / nuked the device.

3. Then the device was no longer activated to the BES. - So all policies should be wiped. Correct ???

I cant understand the need to download a policy.bin file.

Can someone please explain why the policy.bin file is needed ?

Thanks
Offline   Reply With Quote
Old 06-29-2007, 05:41 AM   #93 (permalink)
New Member
 
Join Date: Jun 2007
Model: 8700g
PIN: N/A
Carrier: Era
Posts: 1
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi guys,

i read all threds in this post and try disabled IT Policy in my BB 8700g and i have a problem :( My BB works in ERA network Poland, my OS ver.4.1. So i downloaded file policy.bin, i make change in Windows register and gone according to John Clark tutorial's and i still do not load applications to my BB :/

Who can help me?
Offline   Reply With Quote
Old 07-01-2007, 09:02 PM   #94 (permalink)
Knows Where the Search Button Is
 
Join Date: Jun 2007
Model: 7520
PIN: N/A
Carrier: Boost Mobile
Posts: 43
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by JoeIndy View Post
John, sorry to hear that it didn't work. I did some looking and found a user manual for a Bluetooth Keyboard designed for BlackBerry's. There's a section for how to allow use of the keyboard through BES. But, it looks like something that isn't accessable to BES Express without going through the whole installation and everything... basically, another section of policies that isn't controlled through policy.bin.

BlueKeyboard Download - Download the manual, see page 26.

Best of luck getting it resolved. -- Joe
Another set of policies? I know I'm still totally ignorant when it comes to this issue, but I'm trying to gather info and learn. So basically, you're saying that the policy.bin file controls several MAIN functions, but not all. The other functions are controlled by OTHER policy files? My questions would then be this:

What settings exactly does policy.bin control, and what are the defaults that will be obtained by applying the blank policy.bin (please list them).

Also, what files then would control the OTHER policies and where might we obtain them in order to tinker with them.

blackberry-guy
Offline   Reply With Quote
Old 07-01-2007, 09:13 PM   #95 (permalink)
BBF Moderator
 
John Clark's Avatar
 
Join Date: Jun 2005
Model: Z30
OS: 10.2.1.x
PIN: s & needles
Carrier: AT&T
Posts: 34,667
Post Thanks: 1
Thanked 84 Times in 65 Posts
Default

FYI: This is what's in the policy.bin posted above:

Code:
Policy.inf  - Management Configuration file for Desktop Software
;                
;
;  Notes: For comments a (;) must be at the beginning of the line
;         Use (\) for line continuation for strings
;            
;         Format:  Key = Value           
;                  Key {Policy } = value
;                  Key {Default} = value
;                  
;                  where: 'value'   can be an int, boolean or string.
;                         {Policy}  key is updated if different time stamp.
;                         {Default} key is updated only once.
;
;                  If no policy attribute {}, key will default to 'Default'
;
;***************************************************************************

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Desktop Manager Configuration
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; If application is shown on task bar.
HideWhenMinimized {default} = true

; Prompt the user when the Desktop Manager starts.
MessagePrompt {default} = Welcome to the Desktop Manager.

; To enable or disable the USB-Serial converter
EnableUSBconverter {default} = false

; Control whether the Application Loader is available to the user.
ShowApplicationLoader {default} = true

; Control whether if offline IT Policy warning prompt should be displayed.
ShowPolicyErrMsg {default} = true

; Control the length of time the device password is cached by Desktop Manager. (Minutes)
DesktopPasswordTimeout {policy} = 10

; This setting controls whether or not Desktop add-ins are permitted.
; When set to false, no desktop add-in code will be executed.
AllowDesktopAddIns {policy} = true

; Indicates whether or not the desktop software will allow the user to switch devices.
AllowDeviceSwitch {policy} = true

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Synchronization
;; Synchronize for PIM,Email and Folder Management defaults.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;


; This setting allows you to specify whether or not you would like PIM 
; information to be synchronized when the user selects the Synchronize Now 
; button from the Intellisync dialog.
SynchronizeNowPIM = true

; This setting allows you to specify whether or not you would like Email
; information to be synchronized when the user selects the Synchronize Now 
; button from the Intellisync dialog.
SynchronizeNowEmail = true

; This setting allows you to specify whether or not you would like the date and 
; time to be synchronized when the user selects the Synchronize Now button from 
; the Intellisync dialog.
SynchronizeNowDateTime = true

; This setting allows you to specify whether or not you would like PIM 
; information to be  to be automatically synchronized when the handheld 
; is connected to the PC.
AutoSynchronizePIM = false

; This setting allows you to specify whether or not you would like Email
; information to be  to be automatically synchronized when the handheld 
; is connected to the PC.
AutoSynchronizeEmail = false

; This setting allows you to specify whether or not you would like Date and Time
; information to be  to be automatically synchronized when the handheld 
; is connected to the PC.
AutoSynchronizeDateTime = false

; This setting allows you to specify whether or not you would like to synchronize 
; folders instead of performing an import.
SyncFoldersInsteadOfImport = true

; This setting allows you to specify how information conflicts between the handheld 
; and the PC encountered during synchronization are handled. If set to true, desktop 
; information is used. If set to false, handheld information is used.
FolderConflictDesktopWins = true

; This setting allows the enabling or disabling of wireless email reconcilation.
AllowWirelessEmailSynchronization = true

; This setting allows the wireless calendar synchronization functionality to be disabled.
DisableWirelessCalendar = false

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Redirector Settings
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; Append signature on out going messages
AutoSignature = -----------------\
Sent from my BlackBerry Handheld.

; Forwards messages to the handheld
ForwardMessagesToHandheld = true

; Allows user's to receive mail when handheld is connected to cradle
ForwardMessagesInCradle = false

; Setup filter rules for email redirection
FilterRuleFile = c:\myfilters.rfi
; When filter rules don't apply, forward or don't send messages
ForwardWhenRulesDontApply = true

; When sending a message from handheld, don't save a copy in my 'Sent Items' folder
DontSaveSentMessages = false

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Backup/Restore Configuration
;;
;; These value control the setting in "Backup and Restore Options" dialog
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; This value control the value of the "Automatically backup my handheld" setting
; in the options dialog, which is enables or disables prompted Automatic Backups.
AutoBackupEnabled = true

; This value indicates how often an AutoBackup is performed in days.
AutoBackupFrequency = 7

; This setting controls the exclusion of Email and synchronized data from the
; automatic backup. If set to true, the "Backup all handheld application data"
; radio button is selected.
AutoBackupIncludeAll = true

; This setting allows control over whether email is excluded from automatic backups
; (when AutoBackupIncludeAll is false).
AutoBackupExcludeEmail = false

; This setting allows control over whether synchronized application data is excluded
; from automatic backups (when AutoBackupIncludeAll is false). "Synchronized data" is
; that data which is configured for synchronization with Intellisync; this varies
; according to the user's preferences.
AutoBackupExcludeSync = false

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; WebLink Configuration
;;
;; These values control the appearance and behaviour of the WebLink extension.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; Setting this value to false prevents the WebLink icon from being displayed.
ShowWebLink = true

; This setting specifies the URL that will be used when the WebLink
; icon is activated.
WebLinkURL = www.your_network_here.com/go/downloads

; This setting controls the label that is displayed for the WebLink icon.
WebLinkLabel = Downloads

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Device Security Settings
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; Determine if the password is required on device
PasswordRequired {policy} = false

; Determine if the user can disable the password
UserCanDisablePassword {policy} = true

; Minimum length of the password.
; Valid range is 1 to 12 characters, inclusive.
;
; This value indicates the minimum length of an acceptable device
; security password.
MinPasswordLength {policy} = 4

; Password Pattern Checks
; Valid range is 0 or 1 at this time
;    0 -> no checks
;    1 -> ensure password has at least on letter and one digit
PasswordPatternChecks {policy} = 0

; Suppress Password Echo
;
; Option to disable password echo after x numbers of fail attempts to unlock handheld.
; false -> Disable
; true -> Enable
;
SuppressPasswordEcho {policy} = false

; Maximum device security timeout.
; Valid range is 1 to 60 minutes, inclusive.
;
; The handheld user is permitted to select any security timeout value
; less than this value.
MaxSecurityTimeout {policy} = 60

; Password Timeout
; Valid range is 0 to 60 minutes, inclusive.
;
; Set the effective password timeout on handheld.  This value must be 
; less than that of the MaxSecurityTimeout.
SetPasswordTimeout {policy} = 60

;
; If set, forces the device to the lock screen when it is holstered
ForceLockWhenHolstered {policy} = false

; Determine if the user can change the timeout
UserCanChangeTimeout {policy} = TRUE

; Password aging.
; Valid range is 0 to 365.
; 
; Specifying a value of 0 indicates password aging is disabled. Other
; values specify the maximum age of the password before the handheld
; user is prompted to change it.
MaxPasswordAgeInDays {policy} = 365

; Password History
; Valid range is 0 to 15
;
; Specify the number of passwords to retain for checking. Passwords in password history cannot be used when 
; setting a new handheld password.
;
MaximumPasswordHistory {policy} = 0


; Maximum Password Attempts
; Valid range is 3 to 10
;
; Set the maximum number of  password attempts on handheld. 
;
SetMaximumPasswordAttempts {policy} = 10

; Indicate if Long Term Security Timeout is enabled/disabled
;
; If true, handheld long term timeout is enabled
; If false, handheld long term timeout is disabled.
LongTermTimeoutEnable {policy} = false

; Attachment Viewing
;
; Controls the ability to view email attachments on the handheld.  
; If set to true then users can view attachments on the handheld 
AllowAttachmentViewing {policy} = true

; Policies that control the behaviour of third party applications
; on Java-based handhelds.
AllowThirdPartyUseSerialPort {policy} = true
AllowExternalConnections {policy} = true
AllowInternalConnections {policy} = true
AllowSplitPipeConnections {policy} = true
DisallowThirdPartyAppDownloads {policy} = false

; Policies that control the behaviour of the handheld Browser application
;
; DefaultBrowserConfigUID {default} = "BlackBerry Browser"
; MDSBrowserTitle {default} = "YourCompany Intranet"
; HomepageAddress {default} = www.your_network_here.com
; HomepageAddressReadOnly {policy} = true
; EnableWAPConfig {policy} = false


;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
; Policies that apply to the TLS protocol. 
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;


; TLS Disable Invalid Connection
; Disallow users to connect to a server with an invalid certificate (i.e revoked, expired, etc ).
; Value: 0=true,1=false,2=prompt on device
TLSDisableInvalidConnection {policy} = 1

; TLS Disable Untrusted Connection
; Prevent TLS connections to untrusted servers.
; Values: 0=true,1=false,2=prompt on device
TLSDisableUntrustedConnection {policy} = 2

; TLS Disable Weak Ciphers
; Disable use of weak ciphers during a TLS connection.
; Values: 0=true,1=false,2=prompt on device
TLSDisableWeakCiphers {policy} = 2

; TLS Minimum Strong DH Key Length,
; Valid range 512 to 4096
TLSMinimumStrongDHKeyLength {policy} = 1024

; TLS Minimum Strong ECC Key Length
; Valid range 160 to 571
TLSMinimumStrongECCKeyLength {policy} = 163

; TLS Minimum Strong RSA Key Length
; Valid range 512 to 4096
TLSMinimumStrongRSAKeyLength  {policy} = 1024

; Disable the use of any cipher that is not FIPS compliant.
TLSRestrictFIPSCiphers {policy} = false

; TLS Minimum Strong DSA Key Length
; 
; Set the minimum DSA key size allowed for use during a TLS connection.
; Range: 512 - 1024 bits in 64 bit increments
TLSMinimumStrongDSAKeyLength {policy} = 1024

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Messaging Settings.
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; Indicate if PIN to PIN messaging is permitted.
;
; If true, handheld users are permitted to use the PIN to PIN messaging
; feature. If false, this capability is hidden from the handheld user.
AllowPINtoPIN {policy} = true

; Indicate if the specification of BCC recipients is permitted.
;
; If true, handheld users can specify BCC recipients when composing messages.
; If false, this capability is unavailable to handheld users.
AllowBCCRecipients {policy} = true

; Indicate if SMS messaging is permitted.
;
; If true, handheld users are permitted to send SMS messages.
; If false, this capability is unavailable to handheld users.
AllowSMS {policy} = true

; Indicate if the RIM phone application can be used on the handheld.
;
; If true, handheld users are permitted to use the handheld's phone.
; If false, users are not permitted to use the handheld's phone.
AllowPhone {policy} = true

; Indicate if the RIM web browser can be used on the handheld.
;
; If true, handheld users are permitted to use the handheld's web browser.
; If false, users are not permitted to use the handheld's web browser.
AllowBrowser {policy} = true

; Indicate if other email services are permitted on the handheld.
;
; If false, no other email service books (other than the Enterprise
; edition one) are permitted on the handheld. Any other existing email
; service books are removed when the policy is installed; while the
; policy is in effect, other email service books will be rejected by the
; device. This forces all outbound email to be routed through the
; organization's BlackBerry Enterprise Server. 
;
; If true, no restrictions are applied to email service books.
AllowOtherEmailServices {policy} = true

; Indicate if other browser transport services are permitted on the handheld.
;
; If false, no other browser transport service books (other than the
; Enterprise edition one) are permitted on the handheld. In this case,
; any other existing browser transport service books are removed when the
; policy is installed; while the policy is in effect, other browser transport
; service books will be rejected by the device. This forces all browser
; traffic to be routed through the organization's BlackBerry Enterprise Server. 
;
; If true, no restrictions are applied to browser transport service books.
AllowOtherBrowserServices {policy} = true

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Owner Information
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; Owner Name - if value = '*' use the registry setting
OwnerName {default} = Research In Motion Ltd.

; Owner Info - if value = '*' use the registry setting
OwnerInfo {default} = Please return to RIM\
Phone # (519) 888-7465\
295 Phillip St\
Waterloo Ont\
N2L 3W8
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Other Info
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
Offline   Reply With Quote
Old 07-01-2007, 10:04 PM   #96 (permalink)
Knows Where the Search Button Is
 
Join Date: Jun 2007
Model: 7520
PIN: N/A
Carrier: Boost Mobile
Posts: 43
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks very much for the in-depth breakdown of the contents of the policy.bin file!

It'll be intersting to see if we can also find out what files control the bluetooth stuff and firewall settings (that the policy file does not). And then also if we can manipulate them without needing to connect to a BES.


Then again, and I know this is a long shot, could it be that we could manipulate the OTHER settings (for bluetooth keyboard, etc.) by adding options within the policy.bin file that are currently not there? I know that the compiler may not offer other settings to be adjusted, but if those settings are indeed controlled from within policy.bin and the compiler simply doesn't offer the ability to set them, that doesn't mean that we might not be able to hack policy.bin with other settings. Of course, that would only work if those settings for bluetooth keyboard, firewall, etc. can be controlled via policy.bin. If they are, we might be able to hack them into the policy.bin file.

If those settings are controlled by other policy files, we need to find out which ones.

Thanks again!

blackberry-guy

Last edited by blackberry-guy : 07-01-2007 at 10:12 PM.
Offline   Reply With Quote
Old 07-01-2007, 10:12 PM   #97 (permalink)
BBF Moderator
 
John Clark's Avatar
 
Join Date: Jun 2005
Model: Z30
OS: 10.2.1.x
PIN: s & needles
Carrier: AT&T
Posts: 34,667
Post Thanks: 1
Thanked 84 Times in 65 Posts
Default

Many others have tried with no success.....Good luck!
Offline   Reply With Quote
Old 07-02-2007, 05:16 PM   #98 (permalink)
New Member
 
Join Date: Jul 2007
Model: 8100
PIN: N/A
Carrier: AT&T
Posts: 1
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

A simple method that we have found at my company is to install all the 3rd-party SW you want after you setup of the phone with the carrier, but before you activate with BES the first time. Probably not much use for most of you BES users, but will help for your next Blackberry.
Offline   Reply With Quote
Old 07-02-2007, 06:31 PM   #99 (permalink)
New Member
 
Join Date: Jul 2007
Model: 7100T
PIN: N/A
Carrier: NEXTEL
Posts: 4
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Any help on getting around the gps so that the company cant track me?
Offline   Reply With Quote
Old 07-03-2007, 05:22 AM   #100 (permalink)
Knows Where the Search Button Is
 
Join Date: Jun 2007
Model: 7520
PIN: N/A
Carrier: Boost Mobile
Posts: 43
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by WILEMORE View Post
Any help on getting around the gps so that the company cant track me?
Smash your blackberry with a hammer!


blackberry-guy

P.S. I wish I had some serious info for you.... maybe someone else will
Offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

LinkBacks (?)
LinkBack to this Thread: http://www.blackberryforums.com/rim-software/67224-remove-policy.html
Posted By For Type Date
It Policy | BlackBerryNews.com This thread Refback 03-25-2009 04:16 PM





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.