[silver_2000]

Quote:

Originally Posted by penguin3107

A hack!?
It's far from a hack. Ever hear of Domino Roaming profiles?

Your $0.02 says that you haven't had much experience in Domino administration.

While your preferred method is valid and supported by RIM, it's certainly not the only support method.

never said I had any experience as a domino admin - I will bet that there are many Domino admins who dont use roaming profiles so therefore know little or nothing about them.

You made my point that there is more than one way to do it -

Since we are talking about BB address books - it makes sense to sync them in the way that both RIM and IBM support - Its also a way that can be done by anyone with NO admin help

[aroughcircle]

Well, we take security pretty seriously

we have required password (set by the bb policy). Though the passwords arent too complex, our minimum is 4 characters. We have 10 tried before wiping. Maximum time before lock is 10 minutes. We havent set passwords to expire.


As for lost / stolen bb's, If its lost with chance to recover, I will disable redirection and change the password. if its not found within a day, i will send the kill command

if its stolen, send the kill command straight away.
obviously contact carrier to suspend the account (before we set passwords to be required, we had a user who didnt realise his blackberry was stolen, and the international phone calls meants we got a phone bill for over £1000 that month! luckily we told our carrier we DONT want international calls enabled, so they wrote off that bill)


And with everything i do, i keep an email trail, that includes password resets

[Jadey]

Quote:

Originally Posted by silver_2000

Im confused as to why you are promoting a hack that puts a copy of the local address book on the server - ( which is RIFE with potential problems ) vs the supported way of simply following the posters suggestion of syncing the local names into a hidden view in the mail file for inotes access.

When the replacement BB is activated the addresses in that hidden view will be automatically sent to the BB

Since most people dont update their address book daily this supported method works well

My $0.02

Doug

Firstly, no part of my suggestion is a hack, and I take exception to you using that word when I am a certified security professional.

Secondly, in my org, most of the execs most certainly DO update their address book daily. They also want PAs to update it, and thus having a server replica makes that an easy task.

When a server is properly configured and ACLs set on DBs, there are lots of good reasons to replicate PABs to the server. As someone stated, roaming profiles do this AUTOMATICALLY - so for you to imply that server replicas of PABs is somehow not a RIM/IBM supported method is absolute tosh.

Also your suggestion makes no provision for organisations that do not implement iNotes.

[penguin3107]

Quote:

Originally Posted by silver_2000

never said I had any experience as a domino admin - I will bet that there are many Domino admins who dont use roaming profiles so therefore know little or nothing about them.

You made my point that there is more than one way to do it -

Since we are talking about BB address books - it makes sense to sync them in the way that both RIM and IBM support - Its also a way that can be done by anyone with NO admin help

If you don't have any experience as a Domino admin, then I would suggest that you not make any commentary regarding Domino administration.
Like Jadey, I take offense when an inexperienced individual refers to common supported practice as a "hack".

RIM and IBM absolutely support replicating the personal address book to the server for wireless synchronization purposes. In fact, it's simpler for the end user if the process is set up this way, since once its implemented, it requires absolutely no user intervention whatsoever to continue to function. The user doesn't have to remember to choose "Synchronize Address Book" from the Actions menu. It all happens in the background.


Just because you've never done this, that most certainly does not mean that "many" people have never done this. You are not the center of the universe.

[Quitch]

I'm an Exchange Admin also responsible for the companies IT security. Our company is just getting the idea of writing policies (thanks to audits... I pretend to hate them, but secretly love 'em ). Blackberrys are going out and our policy is currently is to force an eight character password with no complexity and a 30 minute timeout. I've love to have that timeout at 15 minutes, but 30 is what they're settled on for the moment. However, with phone calls unhooked from timeouts I think I can win that one, at least it's setup to lock in holster. Attempts are ten, but I will get that down to five if I can.

I'd like complexity, but the nature of the keyboard makes this tricky and being a mobile device which will likely be locked and unlocked a lot, it's hard to pull off. Really the idea is just to have a password long enough that it resists breaking long enough that the device wipes itself due to the dead man's switch. Content restoration is so easy that I can live with accidental wipes since it call all be done OTA. However, without the ability to stop the use of dictionary words we'll probably be forced to at least introduce numerals at some point.

We don't use content protection yet, but if testing shows that unhooking the address book from this allows for voice activation WHILE locked, then it'll be a go, otherwise there's no way I can make that happen with a bluetooth armed mobile sales force. We'd probably use one of the higher levels of encryption since I didn't find it had a particularly negative hit on performance, just the odd lag when unlocking.