I'm running BES 4.1.6 and noticed that the Security Timer Reset application permission was stuck to Deny on all of my OS 5 devices. I changed "Allow Resetting of idle timer" to True in the security policy group of my IT Policy and I was then able to allow this permission on the OS 5 devices.
What puzzles me is that although this setting was set to "False" by default, it didn't seem to affect my OS 4 devices. It seems like either this IT Policy setting was broken until OS 5 was released or the API for this wasn't present in OS 4. Are my assumptions on target?
Now, another problem I have with this is that I must configure this from the IT Policy, rather than the Application Control Policy. This makes it so all applications can use the Security Timer Reset, rather than just the applications I choose. Is there really no way to be more granular with this and allow this permission per-application?
I haven't used BES 5 yet, but I'm hoping they've moved the Security Timer Reset from the IT Policy to the Application Control Policy. Can anyone provide some information on how this permission is handled in BES 5?
Thanks a lot guys. I'm sorry if this has been posted before, but I tried the search feature and couldn't find a thread that answered all of my questions.
I think I discovered this quirk as well. This stuff is already complicated, just wait until you are on 5.0 with "application control policy for unlisted applications" issues. You will tear your hair out.
__________________
BESX 4.1.7 on Exchange 2003: 65 Devices
BESX 5.0.3 on Exchange 2003: 2007 Devices
I think I discovered this quirk as well. This stuff is already complicated, just wait until you are on 5.0 with "application control policy for unlisted applications" issues. You will tear your hair out.
Haha thanks for the insight. Apparently 5.0 resolves this issue, allowing you to configure this permission by application. I'll be getting into that shortly.