Remove IT Policy
Important: If you're still connected to a company BES, and simply want to install the latest and greatest third party application I would not recommend this approach. Talk to your BES administrators and ask them to grant you the appropriate rights. There are two problems in using this guide to bypass your company's security policy. First, whenever you reconnect to the company server, your security settings will revert back to how they were. Second, and perhaps more importantly, you run the risk of getting fired. Use of this procedure will sever the tie between your BlackBerry and your company BES and you will need to reactivate in order to reestablish the connection.
Method 1: IT Policy Removal For Devices with OS 4.5 and higher (Preferred)
The preferred method for removing IT policy is to update your device to OS 4.5 or higher (if possible) and use JL_Cmder's "resettofactory" command or the resettofactory command that is included in Loader.exe that installs with Desktop Manager (or any BB OS) to remove ALL IT policy, Firewall restrictions and Application Permission settings. After you've upgraded to OS 4.5 or higher, simply backup the device using Desktop Manager, close Desktop Manager, then run JL_Cmder and execute the "resettofactory" command or if you don't have JL_Cmder, just do the following:
1. Go to Start >Run and type CMD (you can also find the command prompt in Programs >Accessories.)
A command box will open.
2. Type the following exactly including spaces: cd c:\program files\common files\research in motion\apploader
You should now see that path followed by the cursor.
3. Now type: loader.exe/resettofactory
After using JL_Cmder or the cmd prompt method above, the device will do a security wipe of the device; (meaning wipe your data but leave the OS, DO NOT use the "Wipe" command in JL_Cmder) then reboot leaving the OS, 3rd party apps but no data AND, best of all, NO IT policy whatsoever. When you're done, simply restore your backup and you're good to go with no policy or locked firewall. (y) You can downgrade back to the old OS if you desire, too.
If your 7xxx or 8xxx device is running OS 4.2 or lower (look in Options >About) and you can't upgrade it to OS 4.5 or higher you will NOT be able to use method 1 above and you will need to use method #2 below:
================================================== ================================================== ================================================
Edit 04/16/2010: Since the procedure below is no longer needed on most of the current devices in use, the procedure below is no longer necessary in most cases and therefore the blank policy used is no longer available for download. I will leave the instructions posted so that they can be used to remove the policy.bin file from a PC if it gets left there inadvertently. Please refer to Method 1 above to remove the IT Policy from your device. If your device is running OS 4.2 you will need to update it to 4.5 before removing the policy using the method above.
Method 2: Placing Blank IT Policy on the Device(OS 4.2 and earlier devices ONLY)
This procedure should ONLY be used on devices that cannot be upgraded to OS 4.5 or higher. If you have a device that can be upgraded to OS 4.5 or higher DO NOT USE THIS PROCEDURE. Use Method 1 described above. If you have an older device that cannot be upgraded to OS 4.5 then continue with the following instructions. This is a How-To for removing IT policy from your BB. In essence, what this does is apply a blank IT policy to the device. The blank IT policy does, unfortunatly, leave some IT policy firewalls in place, however. For instance "keystroke injection" is set by default to "deny" on most IT policies. This blank policy won't give back "allow" for this feature. This becomes a problem if you desire to use a Bluetooth keyboard. You'll be unable to use the keyboard. If a way is found to get this back then I'll edit this post accordingly. A quick check to see if your BB is under IT policy can be done by going to Options/Security on your Device. If you see any references to IT Policy whatsoever, then you have a potentially restrictive IT Policy that can be removed. The Disclaimer/Intended Use. This guide is intended for use by people that own their own Blackberry, and for whatever reason, have inherited a company's IT policy on their device. Really, there are two scenarios where this guide is useful.
Procedure: Step 1 Ensure the Blackberry Desktop Manager is installed using Blackberry Internet Service, and not Blackberry Enterprise Server. If you are unsure, it would probably be a good idea to uninstall the Desktop Manager and start again. If you don't have the CD that came with your Blackberry, the Software can be downloaded here.
Step 2 Download the file Policy.bin (this file has been removed...see note in red above) and save it in your Blackberry installation directory (C:\Program Files\Research In Motion\BlackBerry).
Step 3 Wipe your Blackberry, creating a backup if necessary. Select Options/Security/Wipe on the Device. If this option is unavailable, you may have to install the latest software on your Blackberry. You need to Download and install the latest OS for your device. Connect your device, open the Desktop Manager, select Application Loader, and follow the prompts.
Step 4 Close the Desktop Manager if it is open.
Step 5 From the Windows XP Start Menu select Run..., and at the prompt type regedit. In the tree on the left hand side, navigate to:
HKEY_Current_Users\Software\Research In Motion\BlackBerry\PolicyManager
Right-Click the Policy Manager Folder and select New/String Value. Name the value Path. Now, Double-Click the Path Subkey and set Value Data to:
C:\Program Files\Research In Motion\BlackBerry\policy.bin
Step 6 Open the Desktop Manager.
Step 7Connect the Device. Verification Once complete, the Options/Security screen on your Blackberry should not contain references to an IT Policy, you should now be able to change all settings (including password prompts), and install Third Party Applications.
A big thanks to 7100simpleisbetter and barjohn of BlackberryForums.com for this BB saving procedure.
I personally wrote this policy so that there would be no question as to what it does to your device. Here is the code included in the Policy.bin above: (If you have comments or questions or you see something that should be changed, please contact me in this thread or via PM.)
IMPORTANT Note: After following the instructions in method 2, any BB connected to your Desktop Manager will have this policy applie to it. For that reason it is highly recommended that after finishing placing this blank policy to the restricted BlackBerry I recommend removing the policy.bin and the registry entry you added from your computer. Basically go back and reverse these instructions. If you don't then you risk plugging in a new BB or someone else's BB with NO policy and adding this blank policy to it as well.
I've seen various threads on this and many people have asked about how to remove an IT policy so I'm glad this topic is now a sticky.
this information is like an admins nightmare
Why? In order to complete the process it means wiping the handheld. When the handheld is wiped it loses the connection/encryption with the BES. If the policy restricted user gets this far and gets the policy removed he/she still has to reactivate on the BES. When he/she runs an EA the policy will once again push to the device. Right?
This info has been out for quite some time. It's not new.
i find that all the it admin i have ever worked with wanted everyone to be in the dark. and yes i realize the information isn't new but now its easily accessible. but i guess what isn't these days
i'm not saying that you are creating problem for any one or anything b/c i actually found it usefully. but i know where this would have driven a former boss of mine crazy.
I believe corporations have every right to restrict devices connected to their network to any extent they feel necessary. However, I don't think it's right to render a BB, or any of it's functions, totally useless for the rest of the BB's life. This is not meant to circumvent any restrictions corporations place on devices, as I'm opposed to that, as well. It's only meant to help those who are no longer connected to a BES.
i worked for a news paper and things use to walk away on the regular (because of where the it offices were, there were interns in and out for the paper and no one asking questions) so we tried our hardest to make sure that if it walked and we didn't know it was leaving that it would be almost useless to anyone else. We once found about 20 blackberry's online that belonged to the paper. but about 10 of them were useless because this person didn't have this type of information. Now i know that if there is a will theres a way but we were just glad that we were able to stop them that way.
i folow every thing you write and i cant still disable the firewall
did i have to wipe all the data from my handheld and download it again
:smile: THANK YOU for this info. I purchased 75 blackberries from my former company that went out of business for my new company to use and deploy. The BES was DOD wiped and there was no way to get the policy off these devices. Thank you for providing a real solution for a legitimate need. Blackberry was of no help telling me I would have to purchase BES software in order to use these devices. I really appreciate the info. If people choose to use it with a device they do not own then they have to deal with the consequences. Thanks again!(y)
Thanks for posting this. I recently had hot dog juice squirt onto my blackberry 7290 and sent it off for repair leaving me to purchase a used one from a ebay seller. My problems started when I tried using Yak-On but received many APN errors. Contacted Yak-On after unsuccessfully talking to Cinguar blackberry support, Yak-On did try to be very helpful but failed several times to get it working. After countless searches on this site I finally came across this thread and I must tell you, THANKS!! I followed the directions and presto! Yak-On works! I emailed the Yak-On support person who was helping me and told him about this site.
thank you man
but do you have any idea how to find the pin code ?
Can someone give me step by step instructions on how to do this using a Mac? Sorry, I am new to Blackberry. I posted in another thread, and have not been able to resolve my problem.
I own my Blackberry 7130e, however, I allowed my job to use BES so that I could receive email from them. Mistake - they put so much security on it that I could no longer download 3rd part software. They recently removed it, and now I can no longer send emails or access the internet.
The only way I can sync with my Blackberry is through PocketMac. Is there a way to do this right on the Blackberry? However, I don't want to wipe out everything on the Blackberry (especially my current email services which I can still receive mail from).
Thanks in advance!
Okay, I have just about wasted the whole day trying to resolve this problem!! I finally had to call Verizon/Blackberry Tech Support and I wiped out the BB and reloaded everything.
After hanging up with them, although I could access the internet and receive email, I still cannot download 3rd party software. When I looked at my security settings, the IT Policy was STILL THERE!!! Even after doing a "wipe"!!
I am ready to toss this BB! I cannot use the instructions above as it pertains to the Desktop Manager for a PC. I'm on a Mac. Any suggestions????????
You MUST use a PC in order to complete the above procedure. Simply wiping the device will NOT remove the IT policy. Find a friend with a PC, load desktop Manager and follow the above instructions. Mac won't work, sorry.
I guess that is what I'll have to do. The tech people at my job, and at Verizon/Blackberry don't seem to have a clue!!
Direct the tech folks at your job to the above instructions and they might be able to help. A friend may not be real happy with you editing their registry if you are not sure what you are doing.
OMG - I cannot believe the trouble I am having with this! I talked with a tech at Verizon/Blackberry and they are not willing to help with something that goes into the registry of a computer!!!
If I follow the directions exactly as above, will the registry of the PC I'm using go back to what it was before I touched it?
I'm pretty good with following directions!
Thanks - it seems that I am totally stuck unless I do it as per the instructions above.
This is a hack. Nobody from tech support with Verizon is going to help you. I mentioned you might be able to get your tech guys to help you with it but not Verizon.
Follow the instructions. The PC will be fine.
Oh, okay! Sorry about all of the questions. Unfortunately, the IT techs at work won't be able to help me out as they have already told me that my service provider has to fix the problem!
I'm going to try it on my husband's laptop in a little while. Thanks again!
BTW - my husband's computer runs Vista - is that going to be a problem?
|All times are GMT -5. The time now is 08:29 PM.|
Powered by vBulletin® Version 3.6.12
Copyright ©2000 - 2016, Jelsoft Enterprises Ltd.