BlackBerry Enterprise Server - Telefónica Czech Republic

Date post: 11-Sep-2021
BlackBerry Enterprise Server Version: 4.1 | Service Pack: 7 Policy Reference Guide
BlackBerry Enterprise Server

Version: 4.1 | Service Pack: 7

Policy Reference Guide

Published: 2009-11-24

SWDT323212-877581-1124122337-001

Contents

1 IT policy rules

Using IT policy rules on other devices

New IT policy rules in this release

2 Descriptions of IT policy rules

Desktop Only items

Auto Backup Enabled IT policy rule

Auto Backup Exclude Messages IT policy rule

Auto Backup Exclude Synchronization IT policy rule

Auto Backup Frequency IT policy rule

Auto Backup Include All IT policy rule

Disable Wireless Calendar IT policy rule

Do Not Save Sent Messages IT policy rule

Force Load Count IT policy rule

Force Load Message IT policy rule

Forward Messages In Cradle IT policy rule

Message Conflict Mailbox Wins IT policy rule

Message Prompt IT policy rule

Show Application Loader IT policy rule

Show Web Link IT policy rule

Synchronize Messages Instead Of Importing IT policy rule

Web Link Label IT policy rule

Web Link URL IT policy rule

Device Only Items

Allow BCC Recipients IT policy rule

Allow Peer-to-Peer Messages IT policy rule

Allow SMS IT policy rule

Default Browser Config UID IT policy rule

Enable Long-Term Timeout IT policy rule

Enable WAP Config IT policy rule

Home Page Address IT policy rule

Home Page Address Is Read-Only IT policy rule

Maximum Password Age IT policy rule

Maximum Security Timeout IT policy rule

Minimum Password Length IT policy rule

Password Pattern Checks IT policy rule

Password Required IT policy rule

User Can Change Timeout IT policy rule

User Can Disable Password IT policy rule

Global items

Allow Browser IT policy rule

Allow Phone IT policy rule

Auto Signature IT policy rule

Application Center policy group

Disable Application Center IT policy rule

Disable Carrier Directory IT policy rule

BlackBerry Messenger policy group

Disable BlackBerry Messenger IT policy rule

Disallow Forwarding of Contacts IT policy rule

Messenger Audit Email Address IT policy rule

Messenger Audit Max Report Interval IT policy rule

Messenger Audit Report Interval IT policy rule

Messenger Audit UID IT policy rule

BlackBerry Smart Card Reader policy group

Disable Auto Reconnect To BlackBerry Smart Card Reader IT policy rule

Force Erase All Keys on BlackBerry Disconnected Timeout IT policy rule

Force Erase Key on PC Standby IT policy rule

Maximum BlackBerry Bluetooth Traffic Inactivity Timeout IT policy rule

Maximum BlackBerry Disconnected Timeout IT policy rule

Maximum BlackBerry Long Term Timeout IT policy rule

Maximum Bluetooth Encryption Key Regeneration Period IT policy rule

Maximum Bluetooth Range IT policy rule

Maximum Connection Heartbeat Period IT policy rule

Maximum Number of BlackBerry Transactions IT policy rule

Maximum Number of PC Pairings IT policy rule

Maximum Number of PC Transactions IT policy rule

Maximum PC Bluetooth Traffic Inactivity Timeout IT policy rule

Maximum PC Disconnected Timeout IT policy rule

Maximum PC Long Term Timeout IT policy rule

Maximum Smart Card Not Present Timeout IT policy rule

Minimum PIN Entry Mode IT policy rule

BlackBerry Unite! policy group

Disable Download Manager IT policy rule

Disable Unite! Applications IT policy rule

Bluetooth policy group

Allow Outgoing Calls IT policy rule

Disable Address Book Transfer IT policy rule

Disable Advanced Audio Distribution Profile IT policy rule

Disable Audio/Video Remote Control Profile IT policy rule

Disable Bluetooth IT policy rule

Disable Desktop Connectivity IT policy rule

Disable Dial-Up Networking IT policy rule

Disable Discoverable Mode IT policy rule

Disable File Transfer IT policy rule

Disable Handsfree Profile IT policy rule

Disable Headset Profile IT policy rule

Disable Pairing IT policy rule

Disable Serial Port Profile IT policy rule

Disable SIM Access Profile IT policy rule

Disable Wireless Bypass IT policy rule

Force CHAP Authentication on Bluetooth Link IT policy rule

Limit Discoverable Time IT policy rule

Minimum Encryption Key Length IT policy rule

Require Encryption IT policy rule

Require LED Connection Indicator IT policy rule

Require Password for Discoverable Mode IT policy rule

Require Password for Enabling Bluetooth Support IT policy rule

Browser policy group

Allow Application Download Services IT policy rule

Allow Hotspot Browser IT policy rule

Allow IBS Browser IT policy rule

Disable Auto Synchronization in Browser IT policy rule

Disable JavaScript in Browser IT policy rule

Download Images URL IT policy rule

Download Themes URL IT policy rule

Download Tunes URL IT policy rule

MDS Browser BSM Enabled IT policy rule

MDS Browser Domains IT policy rule

MDS Browser HTML Tables Enabled IT policy rule

MDS Browser JavaScript Enabled IT policy rule

MDS Browser Style Sheets Enabled IT policy rule

MDS Browser Title IT policy rule

MDS Browser Use Separate Icon IT policy rule

Camera policy group

Disable Photo Camera IT policy rule

Disable Video Camera IT policy rule

Certification Authority Profile policy group

Allow Private Key Export IT policy rule

Certification Authority Host IT policy rule

Certificate Authority Port IT policy rule

Certification Authority Profile Name IT policy rule

Certification Authority Profile Required IT policy rule

Certification Authority Type IT policy rule

Certificate Enrollment Delay IT policy rule

Certificate Expiry Window IT policy rule

Common Name Components IT policy rule

Custom Microsoft Certification Authority Certificate Template IT policy rule

Distinguished Name Components IT policy rule

Key Algorithm IT policy rule

Key Length IT policy rule

Microsoft Certification Authority Certificate Template IT policy rule

RSA Certification Authority Certificate ID IT policy rule

RSA Jurisdiction ID IT policy rule

Certificate Synchronization policy group

Random Source URL IT policy rule

User Can Disable Automatic RNG Initialization IT policy rule

Common policy group

BlackBerry Server version IT policy rule

Confirm On Send IT policy rule

Disable Kodiak PTT IT policy rule

Disable MMS IT policy rule

Disable Voice-Activated Dialing IT policy rule

Disable Voice Note Recording IT policy rule

Enable Simultaneous Phone and Data IT policy rule

IT Policy Notification IT policy rule

Lock Owner Info IT policy rule

Set Owner Info IT policy rule

Set Owner Name IT policy rule

Date and Time IT policy group

Periodic Time Synchronization IT policy rule

Desktop policy group

Allow BlackBerry Desktop Software Statistics IT policy rule

Allow External Device Software Servers IT policy rule

Allow IP Modem application IT policy rule

Allow Personal Folder Reconciliation IT policy rule

Desktop Allow Desktop Add-ins IT policy rule

Desktop Allow Device Switch IT policy rule

Desktop Password Cache Timeout IT policy rule

Disable Check For Updates IT policy rule

Disable Media Manager IT policy rule

Disable Media Synchronization IT policy rule

Generate Encrypted Backup Files IT policy rule

Override Check For Updates URL IT policy rule

Device IOT Application policy group

Device Diagnostic App Disable IT policy rule

Set Diagnostic Report Email Address IT policy rule

Set Diagnostic Report PIN Address IT policy rule

Documents To Go policy group

Disable Documents To Go IT policy rule

Hide Documents To Go Communication Menus IT policy rule

Hide Documents To Go Premium Feature Menus IT policy rule

Email Messaging policy group

Allow Auto Attachment Download IT policy rule

Attachment Viewing IT policy rule

Confirm External Image Download IT policy rule

Disable Form Submission IT policy rule

Disable Manual Download of External Images IT policy rule

Disable Notes Native Encryption Forward And Reply IT policy rule

Disable Rich Content Email IT policy rule

Enable Wireless Message Reconciliation IT policy rule

Inline Content Requests IT policy rule

Keep Message Duration IT policy rule

Keep Saved Message Duration IT policy rule

Maximum Native Attachment MFH attachment size IT policy rule

Maximum Native Attachment MFH total attachment size IT policy rule

Maximum Native Attachment MTH attachment size IT policy rule

Notes Native Encryption Password Timeout IT policy rule

Prepend Disclaimer IT policy rule

Require Notes Native Encryption For Outgoing Messages IT policy rule

Enterprise Voice Client policy group

Disable DTMF Fallback IT policy rule

Disable Enterprise Voice Client IT policy rule

Lock Outgoing Line IT policy rules

Reject Non-Enterprise Voice Calls IT policy rule

External Display policy group

Display Notification Details IT policy rule

Include Message Text in Notification Details IT policy rule

Firewall policy group....................................................................................................................................................................... 104

Restrict Incoming Cellular Calls IT policy rule.................................................................................................................... 104

Restrict Outgoing Cellular Calls IT policy rule.................................................................................................................... 105

Instant Messaging policy group.................................................................................................................................................... 106

Disable Address Book Lookup for Enterprise Messenger IT policy rule........................................................................... 106

Disable Emailing Conversation IT policy rule...................................................................................................................... 106

Disable Saving Conversation IT policy rule......................................................................................................................... 107

Disallow File Transfer Types IT policy rule........................................................................................................................... 107

Location Based Services policy group........................................................................................................................................... 107

Allow Geolocation Service IT policy rule.............................................................................................................................. 108

Disable BlackBerry Maps IT policy rule................................................................................................................................ 108

Enable Enterprise Location Tracking IT policy rule............................................................................................................. 108

Enterprise Location Tracking Interval IT policy rule........................................................................................................... 109

Enterprise Location Tracking User Prompt Message IT policy rule.................................................................................. 109

MDS Integration Service policy group.......................................................................................................................................... 110

Allow Access to Multiple Domains IT policy rule................................................................................................................ 110

Allow Discovery By User IT policy rule................................................................................................................................. 110

Disable Activation With Public BlackBerry MDS Integration Service IT policy rule....................................................... 110

Disable MDS Runtime IT policy rule..................................................................................................................................... 111

Disable User-Initiated Activation With Public BlackBerry MDS Integration Service IT policy rule.............................. 111

Enable Access to Device Data for MDS Runtime 4.3.0 and earlier IT policy rule.......................................................... 112

Lowest BlackBerry MDS Integration Service Security Version Allowed IT policy rule................................................... 112

Queue Limit for Inbound Application Messages IT policy rule......................................................................................... 112

Queue Limit for Outbound Application Messages IT policy rule...................................................................................... 113

Verify BlackBerry MDS Integration Service Certificate IT policy rule.............................................................................. 113

Memory Cleaner policy group....................................................................................................................................................... 114

Force Memory Clean When Closed IT policy rule............................................................................................................... 114

Force Memory Clean When Holstered IT policy rule.......................................................................................................... 114

Force Memory Clean When Idle IT policy rule..................................................................................................................... 115

Memory Cleaner Maximum Idle Time IT policy rule........................................................................................................... 115

Chalk Pushcast Software policy group......................................................................................................................................... 116

Allow Launch of Chalk Pushcast Software IT policy rule................................................................................................... 116

On-Device Help policy group........................................................................................................................................................ 116

On-Device Help Group Label IT policy rule........................................................................................................................ 116

On-Device Help Links IT policy rule..................................................................................................................................... 117

Password policy group.................................................................................................................................................................... 117

Duress Notification Address IT policy rule.......................................................................................................................... 117

Forbidden Passwords IT policy rule...................................................................................................................................... 118

Maximum Password History IT policy rule.......................................................................................................................... 118

Periodic Challenge Time IT policy rule................................................................................................................................. 119

Set Maximum Password Attempts IT policy rule................................................................................................................ 119

Set Password Timeout IT policy rule..................................................................................................................................... 120

Suppress Password Echo IT policy rule................................................................................................................................ 121

PIM Synchronization policy group................................................................................................................................................ 121

Disable Address Wireless Synchronization IT policy rule................................................................................................... 121

Disable All Wireless Synchronization IT policy rule............................................................................................................ 122

Disable Calendar Wireless Synchronization IT policy rule................................................................................................. 123

Disable Enterprise Activation Progress IT policy rule........................................................................................................ 123

Disable Memopad Wireless Sync IT policy rule................................................................................................................... 123

Disable Phone Call Log Wireless Synchronization IT policy rule...................................................................................... 124

Disable PIN Messages Wireless Synchronization IT policy rule........................................................................................ 124

Disable SMS Messages Wireless Sync IT policy rule.......................................................................................................... 125

Disable Task Wireless Sync IT policy rule............................................................................................................................ 125

Disable Wireless Bulk Loads IT policy rule........................................................................................................................... 126

PGP Application policy group........................................................................................................................................................ 126

PGP Allowed Content Ciphers IT policy rule....................................................................................................................... 126

PGP Allowed Encrypted Attachment Mode........................................................................................................................ 127

PGP Allowed Encryption Types IT policy rule...................................................................................................................... 127

PGP Blind Copy Address IT policy rule................................................................................................................................ 128

PGP Force Digital Signature IT policy rule.......................................................................................................................... 128

PGP Force Encrypted Messages IT policy rule.................................................................................................................... 129

PGP Minimum Strong DH Key Length IT policy rule......................................................................................................... 129

PGP Minimum Strong DSA Key Length IT policy rule........................................................................................................ 130

PGP Minimum Strong RSA Key Length IT policy rule........................................................................................................ 130

PGP Universal Enrollment Method IT policy rule............................................................................................................... 131

PGP Universal Policy Cache Timeout IT policy rule........................................................................................................... 132

PGP Universal Server Address IT policy rule....................................................................................................................... 132

RIM Value-Added Applications policy group.............................................................................................................................. 133

Allow Edits to BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule............................... 133

Allow TiVo for BlackBerry application IT policy rule........................................................................................................... 133

BlackBerry Social Network Application Proxy URL for Lotus Connections IT policy rule.............................................. 134

BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule........................................................ 134

Disable BlackBerry Wallet IT policy rule.............................................................................................................................. 135

Disable Ecommerce Content Optimization Engine IT policy rule..................................................................................... 135

Disable Lotus Connections IT policy rule............................................................................................................................. 135

Disable Organizer Data Access for Social Networking Applications............................................................................... 135

Disable RIM Value-Added Applications IT policy rule....................................................................................................... 136

Enable the "Tell A Friend" Feature in BlackBerry Client for Lotus Quickr IT policy rule................................................ 136

Lotus Connections Activities Server IT policy rule.............................................................................................................. 137

Lotus Connections Blogs Server IT policy rule.................................................................................................................... 137

Lotus Connections Communities Server IT policy rule....................................................................................................... 138

Lotus Connections Dogear Server IT policy rule................................................................................................................. 138

Lotus Connections Profiles Server IT policy rule................................................................................................................. 138

Secure Email policy group.............................................................................................................................................................. 139

Canonical Certificate Domain Name IT policy rule............................................................................................................ 139

Disable Certificate Address Checks IT policy rule.............................................................................................................. 139

Security policy group...................................................................................................................................................................... 140

Allow External Connections IT policy rule........................................................................................................................... 140

Allow Internal Connections IT policy rule............................................................................................................................ 140

Allow Outgoing Call When Locked IT policy rule................................................................................................................ 141

Allow Resetting of Idle Timer IT policy rule......................................................................................................................... 141

Allow Screen Shot Capture IT policy rule............................................................................................................................ 142

Allow Smart Card Password Caching IT policy rule........................................................................................................... 142

Allow Split-Pipe Connections IT policy rule........................................................................................................................ 143

Allow Third Party Apps to Use Persistent Store IT policy rule.......................................................................................... 143

Allow Third Party Apps to Use Serial Port IT policy rule.................................................................................................... 144

Allowed Authentication Mechanisms IT policy rule........................................................................................................... 144

Certificate Status Maximum Expiry Time IT policy rule..................................................................................................... 145

Content Protection of Contact List IT policy rule................................................................................................................ 145

Content Protection Strength IT policy rule.......................................................................................................................... 146

Desktop Backup IT policy rule............................................................................................................................................... 147

Disable 3DES Transport Crypto IT policy rule..................................................................................................................... 148

Disable BlackBerry App World IT policy rule....................................................................................................................... 148

Disable Cut/Copy/Paste IT policy rule................................................................................................................................ 148

Disable External Memory IT policy rule............................................................................................................................... 149

Disable Forwarding Between Services IT policy rule.......................................................................................................... 149

Disable Geo-Tagging of Photos IT policy rule.................................................................................................................... 150

Disable GPS IT policy rule..................................................................................................................................................... 150

Disable Invalid Certificate Use IT policy rule...................................................................................................................... 151

Disable IP Modem IT policy rule........................................................................................................................................... 151

Disable Key Store Backup IT policy rule.............................................................................................................................. 151

Disable Key Store Low Security IT policy rule..................................................................................................................... 152

Disable Media Manager FTP Access.................................................................................................................................... 152

Disable Message Normal Send IT policy rule...................................................................................................................... 153

Disable Peer-to-Peer Normal Send IT policy rule.............................................................................................................. 154

Disable Persisted Plain Text IT policy rule........................................................................................................................... 154

Disable Public Photo Sharing Applications IT policy rule.................................................................................................. 155

Disable Public Social Networking Applications IT policy rule........................................................................................... 155

Disable Radio When Cradled IT policy rule......................................................................................................................... 156

Disable Revoked Certificate Use IT policy rule................................................................................................................... 156

Disable Smart Password Entry IT policy rule....................................................................................................................... 157

Disable Stale Certificate Status Checks IT policy rule....................................................................................................... 157

Disable Stale Status Use IT policy rule................................................................................................................................ 158

Disable Untrusted Certificate Use IT policy rule................................................................................................................ 158

Disable Unverified Certificate Use IT policy rule................................................................................................................ 159

Disable Unverified CRLs IT policy rule................................................................................................................................. 159

Disable USB Mass Storage IT policy rule............................................................................................................................. 160

Disable Weak Certificate Use IT policy rule........................................................................................................................ 160

Disallow Third Party Application Downloads IT policy rule............................................................................................... 161

External File System Encryption Level IT policy rule.......................................................................................................... 162

FIPS Level IT policy rule......................................................................................................................................................... 163

Firewall Block Incoming Messages IT policy rule............................................................................................................... 164

Firewall Whitelist Addresses IT policy rule.......................................................................................................................... 164

Force Content Protection Of Master Keys IT policy rule................................................................................................... 165

Force Device Password Entry While User Authentication is Enabled IT policy rule....................................................... 165

Force LED Blinking When Microphone Is On IT policy rule............................................................................................... 165

Force Lock When Closed IT policy rule................................................................................................................................. 166

Force Lock When Holstered IT policy rule........................................................................................................................... 166

Force Multi Factor Authentication IT policy rule................................................................................................................ 167

Force Smart Card Reader Challenge Response while User Authentication is enabled IT policy rule......................... 167

Force Smart Card Two Factor Authentication IT policy rule.............................................................................................. 168

Force Smart Card Two Factor Challenge Response IT policy rule.................................................................................... 168

Key Store Password Maximum Timeout IT policy rule....................................................................................................... 169

Lock on Smart Card Removal IT policy rule......................................................................................................................... 170

Maximum Smart Card User Authenticator Certificate Status Check Period IT policy rule........................................... 170

Message Classification IT policy rule................................................................................................................................... 171

Message Classification Title IT policy rule........................................................................................................................... 171

Minimal Encryption Key Store Security Level IT policy rule.............................................................................................. 171

Minimal Signing Key Store Security Level IT policy rule.................................................................................................... 172

Password Required for Application Download IT policy rule............................................................................................ 173

Require Secure APB Messages IT policy rule...................................................................................................................... 173

Required Password Pattern IT policy rule............................................................................................................................ 174

Reset to Factory Defaults on Wipe IT policy rule................................................................................................................ 174

Secure Wipe Delay After IT Policy Received IT policy rule................................................................................................ 175

Secure Wipe Delay After Lock IT policy rule........................................................................................................................ 176

Secure Wipe if Low Battery IT policy rule............................................................................................................................. 176

Security Service Colors IT policy rule................................................................................................................................... 176

Security Transcoder Cod File Hashes IT policy rule........................................................................................................... 177

Trusted Certificate Thumbprints IT policy rule.................................................................................................................... 178

Weak Digest Algorithms IT policy rule................................................................................................................................. 178

S/MIME Application policy group................................................................................................................................................. 179

Entrust Messaging Server (EMS) Email Address IT policy rule......................................................................................... 179

S/MIME Allowed Content Ciphers IT policy rule................................................................................................................ 179

S/MIME Allowed Encrypted Attachment Mode IT policy rule.......................................................................................... 180

S/MIME Allowed Encryption Types IT policy rule............................................................................................................... 180

S/MIME Blind Copy Address IT policy rule.......................................................................................................................... 181

S/MIME Force Digital Signature IT policy rule................................................................................................................... 181

S/MIME Force Encrypted Messages IT policy rule............................................................................................................. 182

S/MIME Force Smartcard Use IT policy rule....................................................................................................................... 182

S/MIME Minimum Strong DH Key Length IT policy rule.................................................................................................. 183

S/MIME Minimum Strong DSA Key Length IT policy rule................................................................................................. 183

S/MIME Minimum Strong ECC Key Length IT policy rule................................................................................................. 184

S/MIME Minimum Strong RSA Key Length IT policy rule................................................................................................. 184

Service Exclusivity policy group..................................................................................................................................................... 185

Allow Other Browser Services IT policy rule........................................................................................................................ 185

Allow Other Calendar Services IT policy rule...................................................................................................................... 185

Allow Other Message Services IT policy rule...................................................................................................................... 186

Allow Public AIM Services IT policy rule.............................................................................................................................. 186

Allow Public Google Talk Services IT policy rule................................................................................................................. 187

Allow Public ICQ Services IT policy rule.............................................................................................................................. 187

Allow Public IM Services IT policy rule................................................................................................................................. 187

Allow Public WLM Services IT policy rule............................................................................................................................. 188

Allow Public Yahoo! Messenger Services IT policy rule..................................................................................................... 188

Allow T-Mobile Mobile Backup Contact Sync IT policy rule.............................................................................................. 189

SIM Application Toolkit policy group............................................................................................................................................ 189

Disable Network Location Query IT policy rule.................................................................................................................. 189

Disable SIM Call Control IT policy rule................................................................................................................................ 190

Disable SIM Originated Calls IT policy rule......................................................................................................................... 190

Smart Dialing policy group............................................................................................................................................................ 190

Enable Smart Dialing Policy IT policy rule........................................................................................................................... 191

Set Local Area Code IT policy rule........................................................................................................................................ 191

Set Local Country Code IT policy rule.................................................................................................................................. 192

Set National Number Length IT policy rule......................................................................................................................... 192

Smart Dialing Allow Device Changes IT policy rule........................................................................................................... 193

TCP policy group............................................................................................................................................................................. 193

TCP APN IT policy rule........................................................................................................................................................... 193

TCP Password IT policy rule.................................................................................................................................................. 194

TCP Username IT policy rule................................................................................................................................................. 194

TLS Application policy group......................................................................................................................................................... 195

TLS Device Side Only IT policy rule...................................................................................................................................... 195

TLS Disable Invalid Connection IT policy rule..................................................................................................................... 195

TLS Disable Untrusted Connection IT policy rule............................................................................................................... 196

TLS Disable Weak Ciphers IT policy rule.............................................................................................................................. 196

TLS Minimum Strong DH Key Length IT policy rule........................................................................................................... 196

TLS Minimum Strong DSA Key Length IT policy rule......................................................................................................... 197

TLS Minimum Strong ECC Key Length IT policy rule......................................................................................................... 198

TLS Minimum Strong RSA Key Length IT policy rule......................................................................................................... 198

TLS Restrict FIPS Ciphers IT policy rule............................................................................................................................... 199

Visual Voice Mail policy group...................................................................................................................................................... 199

Allow Users to Save Messages IT policy rule...................................................................................................................... 199

Disable Visual Voice Mail IT policy rule............................................................................................................................... 200

Password Complexity IT policy rule...................................................................................................................................... 200

Require password IT policy rule............................................................................................................................................ 201

VoIP policy group............................................................................................................................................................................ 201

Allow VoIP IT policy rule........................................................................................................................................................ 201

Disable VoIP User Profiles IT policy rule............................................................................................................................. 201

SIP Authentication ID IT policy rule..................................................................................................................................... 202

SIP Domain IT policy rule...................................................................................................................................................... 202

SIP Local Port IT policy rule................................................................................................................................................... 203

SIP Realm IT policy rule......................................................................................................................................................... 203

SIP Registration Timeout IT policy rule................................................................................................................................ 204

SIP RTP Media Port IT policy rule......................................................................................................................................... 204

SIP Server Name IT policy rule.............................................................................................................................................. 204

SIP Server Port IT policy rule................................................................................................................................................. 205

SIP Server Transport IT policy rule....................................................................................................................................... 205

SIP Server Type IT policy rule................................................................................................................................................ 206

SIP User Display Name IT policy rule.................................................................................................................................. 206

SIP User ID IT policy rule....................................................................................................................................................... 207

SIP User Password IT policy.................................................................................................................................................. 207

VoIP Allow BlackBerry Device Changes IT policy rule....................................................................................................... 208

VoIP Emergency Number IT policy rule............................................................................................................................... 208

VoIP Enable Attended Call Transfer IT policy rule.............................................................................................................. 208

VoIP Enable Call Hold IT policy rule..................................................................................................................................... 209

VoIP Enable Unattended Call Transfer IT policy rule......................................................................................................... 209

VPN policy group............................................................................................................................................................................ 210

Disable VPN User Profiles IT policy rule.............................................................................................................................. 210

Enable VPN IT policy rule...................................................................................................................................................... 210

Use VPN Xauth IT policy rule................................................................................................................................................ 211

VPN Allow Handheld Changes IT policy rule...................................................................................................................... 211

VPN Allow Password Save IT policy rule............................................................................................................................. 211

VPN Disable Prompt for Credentials Re-Entry IT policy rule............................................................................................ 212

VPN DNS Configuration IT policy rule................................................................................................................................. 212

VPN Domain Name IT policy rule......................................................................................................................................... 213

VPN Gateway Address IT policy rule.................................................................................................................................... 213

VPN Group Name IT policy rule........................................................................................................................................... 214

VPN Group Password IT policy rule..................................................................................................................................... 214

VPN IKE Cipher IT policy rule............................................................................................................................................... 214

VPN IKE DH Group IT policy rule......................................................................................................................................... 215

VPN IKE Hash IT policy rule.................................................................................................................................................. 215

VPN IPSec Cipher and Hash IT policy rule.......................................................................................................................... 216

VPN Minimal Certificate Encryption Key Security Level IT policy rule............................................................................ 216

VPN NAT Keep Alive IT policy rule....................................................................................................................................... 217

VPN Password Hidden on Input IT policy rule.................................................................................................................... 217

VPN PFS IT policy rule........................................................................................................................................................... 217

VPN Primary DNS IT policy rule........................................................................................................................................... 218

VPN Secondary DNS IT policy rule...................................................................................................................................... 218

VPN User Name IT policy rule.............................................................................................................................................. 219

VPN User Password IT policy rule........................................................................................................................................ 219

VPN Vendor Type IT policy rule............................................................................................................................................ 220

VPN Xauth Type IT policy rule.............................................................................................................................................. 220

Wi-Fi policy group........................................................................................................................................................................... 220

BlackBerry Infrastructure Wi-Fi Access Mode IT policy rule............................................................................................. 221

Blocked Wi-Fi SSIDs IT policy rule........................................................................................................................................ 221

Disable GAN-Only Mode IT policy rule............................................................................................................................... 222

Disable GAN-Preferred Mode IT policy rule....................................................................................................................... 222

Disable GAN Selection Mode Editing IT policy rule........................................................................................................... 223

Disable WAN-Only Mode IT policy rule............................................................................................................................... 223

Disable WAN-Preferred Mode IT policy rule....................................................................................................................... 223

Disable Wi-Fi IT policy rule.................................................................................................................................................... 224

Disable Wi-Fi Direct Access to BlackBerry Enterprise Server IT policy rule.................................................................... 224

Disable Wi-Fi User Profiles IT policy rule............................................................................................................................. 225

GAN Signal Quality Threshold IT policy rule...................................................................................................................... 225

GAN Signal Strength Threshold IT policy rule.................................................................................................................... 226

GAN Wi-Fi Threshold IT policy rule...................................................................................................................................... 226

Wi-Fi Allow Handheld Changes IT policy rule..................................................................................................................... 227

Wi-Fi Default Gateway IT policy rule.................................................................................................................................... 227

Wi-Fi Default KEY ID IT policy rule....................................................................................................................................... 228

Wi-Fi DHCP Configuration IT policy rule............................................................................................................................. 228

Wi-Fi Disable Prompt for Credentials Re-Entry IT policy rule........................................................................................... 228

Wi-Fi Enable Authentication Page IT policy rule................................................................................................................ 229

Wi-Fi IP Address IT policy rule.............................................................................................................................................. 229

Wi-Fi Link Security IT policy rule........................................................................................................................................... 230

Wi-Fi Minimal EAP-TLS Certificate Encryption Key Security Level IT policy rule........................................................... 230

Wi-Fi Password Hidden on Input IT policy rule................................................................................................................... 231

Wi-Fi Preshared Key IT policy rule........................................................................................................................................ 231

Wi-Fi Primary DNS IT policy rule.......................................................................................................................................... 232

Wi-Fi Profile Forwarding Mode IT policy rule...................................................................................................................... 232

Wi-Fi Secondary DNS IT policy rule..................................................................................................................................... 233

Wi-Fi SSID IT policy rule........................................................................................................................................................ 234

Wi-Fi Subnet Mask IT policy rule.......................................................................................................................................... 234

Wi-Fi User Name IT policy rule............................................................................................................................................. 235

Wi-Fi User Password IT policy rule....................................................................................................................................... 235

Wi-Fi WEP Key 1 IT policy rule............................................................................................................................................... 236

Wi-Fi WEP Key 2 IT policy rule.............................................................................................................................................. 236

Wi-Fi WEP Key 3 IT policy rule.............................................................................................................................................. 236

Wi-Fi WEP Key 4 IT policy rule.............................................................................................................................................. 237

Wireless Software Upgrades policy group................................................................................................................................... 237

Allow Non Enterprise Upgrade IT policy rule...................................................................................................................... 237

Disallow Device User Requested Rollback IT policy rule................................................................................................... 238

Disallow Device User Requested Upgrade IT policy rule.................................................................................................. 238

Disallow Patch Download Over International Roaming WAN IT policy rule................................................................... 239

Disallow Patch Download Over Roaming WAN IT policy rule.......................................................................................... 239

Disallow Patch Download Over WAN IT policy rule........................................................................................................... 239

Disallow Patch Download Over Wi-Fi IT policy rule........................................................................................................... 240

WTLS Application policy group...................................................................................................................................................... 240

WTLS Disable Invalid Connection IT policy rule.................................................................................................................. 240

WTLS Disable Untrusted Connection IT policy rule............................................................................................................ 241

WTLS Disable Weak Ciphers IT policy rule........................................................................................................................... 241

WTLS Minimum Strong DH Key Length IT policy rule........................................................................................................ 242

WTLS Minimum Strong ECC Key Length IT policy rule...................................................................................................... 242

WTLS Minimum Strong RSA Key Length IT policy rule...................................................................................................... 243

WTLS Restrict FIPS Ciphers IT policy rule............................................................................................................................ 244

3 Descriptions of application control policy rules..................................................................................................................... 245

Are Internal Network Connections Allowed application control policy rule............................................................................ 245

Are External Network Connections Allowed application control policy rule........................................................................... 245

Local Connections application control policy rule...................................................................................................................... 246

Can Device Settings be Modified application control policy rule............................................................................................. 246

Can the Security Timer be Reset application control policy rule.............................................................................................. 246

Disposition application control policy rule................................................................................................................................... 247

Browser Filters application control policy rule............................................................................................................................ 247

Email application control policy rule............................................................................................................................................ 247

Is Access to the Event Injection API Allowed application control policy rule.......................................................................... 248

Is Access to the File API Allowed application control policy rule.............................................................................................. 248

Is Access to the GPS API Allowed application control policy rule............................................................................................ 248

Is Access to the Handheld Key Store Allowed application control policy rule........................................................................ 249

Is Access to the Interprocess Communication API Allowed application control policy rule.................................................. 249

Is Access to the Phone API Allowed application control policy rule......................................................................................... 250

Is Access to the Media API Allowed application control policy rule......................................................................................... 250

Is Access to the Module Management API Allowed application control policy rule.............................................................. 250

Is Access to the PIM API Allowed application control policy rule............................................................................................. 251

Is Access to the Screen, Microphone, and Video Capturing APIs Allowed application control policy rule......................... 251

Is Access to the Serial Port Profile for Bluetooth API Allowed application control policy rule.............................................. 252

Is Access to the User Authenticator API Allowed application control policy rule.................................................................. 252

Is Access to the Wi-Fi API Allowed application control policy rule........................................................................................... 253

Is Key Store Medium Security Allowed application control policy rule.................................................................................... 253

Is Theme Data Allowed application control policy rule.............................................................................................................. 254

List of Browser Filter Domains application control policy rule.................................................................................................. 254

List of External Domains application control policy rule............................................................................................................ 254

List of Internal Domains application control policy rule............................................................................................................ 255

4 Configuration settings................................................................................................................................................................ 256

Configuration settings for VoIP profiles....................................................................................................................................... 256

Allow VoIP configuration setting.......................................................................................................................................... 256

SIP Authentication ID configuration setting....................................................................................................................... 256

SIP Domain configuration setting........................................................................................................................................ 257

SIP Local Port configuration setting.................................................................................................................................... 257

SIP Realm configuration setting........................................................................................................................................... 257

SIP Registration Timeout configuration setting................................................................................................................. 258

SIP RTP Media Port configuration setting........................................................................................................................... 258

SIP Server Name configuration setting............................................................................................................................... 259

SIP Server Port configuration setting.................................................................................................................................. 259

SIP Server Transport configuration setting......................................................................................................................... 259

SIP Server Type configuration setting.................................................................................................................................. 260

SIP User Display Name configuration setting.................................................................................................................... 260

SIP User ID configuration setting........................................................................................................................................ 261

SIP User Password configuration setting............................................................................................................................ 261

VoIP Allow BlackBerry Device Changes configuration setting......................................................................................... 262

VoIP Emergency Number configuration setting................................................................................................................. 262

VoIP Enable Attended Call Transfer configuration setting............................................................................................... 263

VoIP Enable Call Hold configuration setting...................................................................................................................... 263

VoIP Enable Unattended Call Transfer configuration setting.......................................................................................... 263

Configuration settings for VPN profiles
Enable VPN configuration setting
Suppress VPN Banner configuration setting
Use VPN Xauth configuration setting
VPN Allow Handheld Changes configuration setting
VPN Allow Password Save configuration setting
VPN Disable Server Certificate Validation configuration setting
VPN DNS Configuration configuration setting
VPN Domain Name configuration setting
VPN Gateway Address configuration setting
VPN Group Name configuration setting
VPN Group Password configuration setting
VPN Hard Token Required configuration setting
VPN IKE Cipher configuration setting
VPN IKE DH Group configuration setting
VPN IKE Hash configuration setting
VPN IP Address configuration setting
VPN IPSec Cipher and Hash configuration setting
VPN Minimal Certificate Encryption Key Security Level configuration setting
VPN NAT Keep Alive configuration setting
VPN PFS configuration setting
VPN Primary DNS configuration setting
VPN Profile Visibility configuration setting
VPN Profile Editability configuration setting
VPN Secondary DNS configuration setting
VPN Subnet Mask configuration setting
VPN Token Serial Number configuration setting
VPN User Name configuration setting
VPN User Password configuration setting
VPN Vendor Type configuration setting
VPN Xauth Type configuration setting
Configuration settings for Wi-Fi profiles
Associated Certificate Authority Configuration configuration setting
Associated VoIP Configuration configuration setting
Associated VPN Configuration configuration setting


Wi-Fi Allow AP to AP Handover configuration setting
Wi-Fi Allow Handheld Changes configuration setting
Wi-Fi Allow Password Save configuration setting
Wi-Fi Band Type configuration setting
Wi-Fi BlackBerry Infrastructure Wi-Fi Access Mode configuration setting
Wi-Fi Default Gateway configuration setting
Wi-Fi Default KEY ID configuration setting
Wi-Fi DHCP Configuration configuration setting
Wi-Fi Disable Server Certificate Validation configuration setting
Wi-Fi Domain Suffix configuration setting
Wi-Fi EAP-FAST Provisioning method configuration setting
Wi-Fi Enable Authentication Page configuration setting
Wi-Fi Hard Token Required configuration setting
Wi-Fi Inner Authentication Mode configuration setting
Wi-Fi IP Address configuration setting
Wi-Fi Link Security configuration setting
Wi-Fi Minimal EAP-TLS Certificate Encryption Key Security Level configuration setting
Wi-Fi Preshared Key configuration setting
Wi-Fi Primary DNS configuration setting
Wi-Fi Profile Editability configuration setting
Wi-Fi Profile Visibility configuration setting
Wi-Fi Protected Access Credential Key configuration setting
Wi-Fi Roaming Threshold configuration setting
Wi-Fi Secondary DNS configuration setting
Wi-Fi Server SAN configuration setting
Wi-Fi Server Subject configuration setting
Wi-Fi SSID configuration setting
Wi-Fi Subnet configuration setting
Wi-Fi Token Serial Number configuration setting
Wi-Fi User Name configuration setting
Wi-Fi User Password configuration setting
Wi-Fi WEP Key 1 configuration setting
Wi-Fi WEP Key 2 configuration setting
Wi-Fi WEP Key 3 configuration setting
Wi-Fi WEP Key 4 configuration setting


5 Examples of security policy goals
Defining acceptable use of passwords and passphrases on BlackBerry devices
Defining measures to protect BlackBerry devices from unauthorized use
Defining the encryption strength that the BlackBerry device uses to protect data
Restricting unsecured messaging
Defining measures to prevent threats from viruses and malicious users
Limiting the resources that third-party applications installed on BlackBerry devices can access
Limiting user control of third-party applications on BlackBerry devices
Preventing RIM value-added applications from running on BlackBerry devices
6 Glossary
7 Provide feedback
8 Legal notice


1 IT policy rules

You can assign IT policies to BlackBerry® devices to satisfy your organization's security policy requirements and to reflect the needs of users who use the BlackBerry devices. For example, you can create an IT policy, configure the IT policy rules for executive-level feature and security requirements, add executives to a group, and assign the IT policy to the group.

For more information about how to create an IT policy, configure an IT policy rule, and assign an IT policy to a user account or group, see the BlackBerry Enterprise Server Administration Guide.

Using IT policy rules on other devices

A device that is running BlackBerry® Connect™ software or BlackBerry® Built-In™ software can use all the IT policy rules that are associated with the supported features of the BlackBerry Connect software or BlackBerry Built-In software. The BlackBerry Connect software or BlackBerry Built-In software ignores IT policy rules that are associated with unsupported features.

Although the BlackBerry Connect software or BlackBerry Built-In software might support an IT policy rule, the device that it is running on might not. For more information, contact your organization's device supplier.

Devices that are running the BlackBerry® Application Suite can use all the IT policy rules that are associated with the supported features of the BlackBerry Application Suite. The BlackBerry Application Suite ignores IT policy rules that are associated with unsupported features.

New IT policy rules in this release

Policy group | Rule | BlackBerry® Device Software (minimum requirement)
Date and Time | Periodic Time Synchronization | 5.0
Desktop | Allow BlackBerry® Desktop Software Statistics | —
Desktop | Allow External Device Software Servers | —
Desktop | Allow IP Modem application | —
Desktop | Allow Personal Folder Reconciliation | —
Desktop | Generate Encrypted Backup Files | —
Mobile chalkboard™ | Allow Launch of Mobile chalkboard | —
RIM Value-Added Applications | Allow Edits to BlackBerry Social Network Application Proxy URL for Lotus Quickr™ | 5.0
RIM Value-Added Applications | Allow TiVo® for BlackBerry Application | 4.2
RIM Value-Added Applications | BlackBerry Social Network Application Proxy URL for Lotus Quickr | 5.0
RIM Value-Added Applications | Disable organizer data access for social networking applications | 4.2
RIM Value-Added Applications | Enable the "Tell A Friend" Feature in BlackBerry Client for Lotus Quickr | 5.0
Security | Disable BlackBerry App World™ | 4.2

For information about adding new IT policy rules to a BlackBerry® Enterprise Server version earlier than the minimum requirement, visit www.blackberry.com/btsc to read article KB05439.


2 Descriptions of IT policy rules

Desktop Only items

Auto Backup Enabled IT policy rule

Description
This rule specifies whether the automatic backup option in the backup and restore tool of the BlackBerry® Desktop Manager or BlackBerry® Web Desktop Manager is turned on.

Default value
The default value is False.

Usage
To permit the backup and restore tool to back up BlackBerry device data automatically, change this rule to True. Automatic backups can help provide recent BlackBerry device data for recovery if you need to replace a lost or stolen BlackBerry device.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry® Desktop Software version 3.5 or BlackBerry® Web Desktop Manager version 1.0
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.

Auto Backup Exclude Messages IT policy rule

Description
This rule specifies whether messages are excluded when an automatic backup occurs.

Default value
The default value is False.

Dependencies
If you change this rule to True, you must configure the Auto Backup Include All IT policy rule to False.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry® Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.

Auto Backup Exclude Synchronization IT policy rule

Description
This rule specifies whether application data that is synchronized with desktop organizer applications is excluded when an automatic backup occurs.

Default value
The default value is False.

Dependencies
If you change this rule to True, you must configure the Auto Backup Include All IT policy rule to False.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry® Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.

Auto Backup Frequency IT policy rule

Description
This rule specifies how often (in days) automatic backups occur. The permitted range is 1 through 99 days.

Default value
The default value is 7 days.

Usage
Change this value to a minimum of 2 days so that backups of BlackBerry® device data occur more frequently, to a maximum of 99 days.

If a user's computer memory is limited, save backup files to a network drive.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry® Desktop Software version 3.5 or BlackBerry® Web Desktop Manager version 1.0
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.

Auto Backup Include All IT policy rule

Description
This rule specifies whether all BlackBerry® device data is included when an automatic backup occurs.

Default value
The default value is True.

Usage
By default, in the backup and restore tool options, the Backup all device application data option is selected.

If you configure the Auto Backup Exclude Sync or Auto Backup Exclude Messages IT policy rules to True, change this rule to False.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry® Desktop Software version 3.5 or BlackBerry® Web Desktop Manager version 1.0
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.

Disable Wireless Calendar IT policy rule

Description
This rule specifies whether users can use the wireless calendar synchronization option in the synchronization tool of the BlackBerry® Desktop Manager.

Default value
The default value is False.

Usage
Change this rule to True to prevent users from using wireless calendar synchronization.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry® Desktop Software version 3.5 or BlackBerry® Web Desktop Manager version 1.0
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.

Do Not Save Sent Messages IT policy rule

Description
This rule specifies whether a BlackBerry® device saves a copy of each email message that a user sends in the sent messages folder on the user's computer.

Default value
The default value is False.

Usage
Change this rule to True to store email messages that a user sends from a BlackBerry device.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry® Desktop Software version 3.5 or BlackBerry® Web Desktop Manager version 1.0
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.

Force Load Count IT policy rule

Description
This rule specifies the number of times that users can decline to update the BlackBerry® Device Software before they must update it. The permitted range is -1 through 1000 times.

Default value
The default value is a null value.

Usage
To turn off mandatory updates of the BlackBerry Device Software, change this rule to -1.

To turn on the forced update feature, change this rule to 0 or higher. If you turn on the feature, when a user logs in and connects a BlackBerry device to a computer, the BlackBerry® Desktop Manager or BlackBerry® Web Desktop Manager version 1.0 or 1.0.1 automatically checks whether newer versions of the software are available and prompts the user to update the BlackBerry device.

This rule is obsolete in BlackBerry Web Desktop Manager version 5.0 and later.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry® Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.

Force Load Message IT policy rule

Description
This rule specifies the message that appears when users are prompted to update the BlackBerry® Device Software to a later version.

Default value
The default value is a null value.

Usage
This rule is obsolete in BlackBerry® Web Desktop Manager version 5.0 and later.

Dependencies
A BlackBerry device uses this rule only if you configure the Force Load Count IT policy rule to 0 or higher.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry® Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.


Forward Messages In Cradle IT policy rule

Description
This rule specifies whether a BlackBerry® device receives email messages while it is connected to a computer.

The BlackBerry® Enterprise Server configures this value.

Default value
The default value is True. By default, a BlackBerry device receives email messages from the inbox only.

Usage
When you change this rule, the option changes in the email settings tool of the BlackBerry® Desktop Manager.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry® Desktop Software version 3.5
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange or BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Message Conflict Mailbox Wins IT policy rule

Description
This rule specifies whether the email application on a computer takes precedence over a BlackBerry® device when a conflict occurs during organizer data synchronization.

Default value
The default value is True.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry® Desktop Software version 3.5
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange or BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.


Message Prompt IT policy rule

Description
This rule specifies the message that should appear when the BlackBerry® Desktop Software starts.

Default value
The default value is a null value.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry Desktop Software version 3.5
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange or BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Show Application Loader IT policy rule

Description
This rule specifies whether the application loader tool appears in the BlackBerry® Desktop Manager and the BlackBerry® Web Desktop Manager.

Default value
The default value is True.

Usage
Change this rule to False to hide the Device Software tab in the BlackBerry Web Desktop Manager and the Application Loader icon in the BlackBerry Desktop Manager.

This rule is obsolete in BlackBerry Web Desktop Manager version 5.0 and later.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry® Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange or BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule with BlackBerry Web Desktop Manager version 1.0 or 1.0.1 only.


Show Web Link IT policy rule

Description
This rule specifies whether the link icon for the Internet appears in the BlackBerry® Desktop Manager.

Default value
The default value is False.

Usage
You can use this rule when you manage BlackBerry devices that are running BlackBerry® Application Suite versions 1.0 and later.

Dependencies
The link icon appears only if you configure a default web address using the Web Link URL IT policy rule.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry® Desktop Software version 3.5
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange or BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Synchronize Messages Instead Of Importing IT policy rule

Description
This rule specifies whether a BlackBerry® device can synchronize email messages and folders in the email application on a user's computer and on the BlackBerry device instead of applying the changes to the BlackBerry device only.

Default value
The default value is True.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry® Desktop Software version 3.5
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange or BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.


Web Link Label IT policy rule

Description
This rule specifies the name of the web link icon, if it appears in the BlackBerry® Desktop Manager.

Default value
The default value is Downloads.

Usage
Configure the label according to your organization's requirements.

Dependencies
If you configure this rule, you must also change the Show Web Link IT policy rule to True so that the web link icon appears.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry® Desktop Software version 3.5
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange or BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Web Link URL IT policy rule

Description
This rule specifies the web address for the web link icon, if it appears in the BlackBerry® Desktop Manager.

Default value
The default value is a null value.

Dependencies
If you configure this rule, you must also configure the Show Web Link IT policy rule to True so that the web link icon appears.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry® Desktop Software version 3.5
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange or BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.
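The permitted ranges and the Dependencies entries of the Desktop Only rules above can be checked mechanically before a policy is assigned, including the case where a rule left at its default conflicts with one you changed. The following Python check is an added example, not part of this guide or of any BlackBerry tool; it assumes the policy is available as a plain dictionary of rule name to value (a hypothetical representation), and both sample policies are constructed.

```python
# Added example: lint a policy against the ranges and dependencies that the
# guide documents for the Desktop Only rules.
# Assumption: the policy is a dict {rule name: value}; this is a hypothetical
# representation, not a BlackBerry Enterprise Server export format.

# Documented default values (a "null value" default is None).
DEFAULTS = {
    "Auto Backup Enabled": False,
    "Auto Backup Exclude Messages": False,
    "Auto Backup Exclude Synchronization": False,
    "Auto Backup Frequency": 7,
    "Auto Backup Include All": True,
    "Force Load Count": None,
    "Force Load Message": None,
    "Show Web Link": False,
    "Web Link Label": "Downloads",
    "Web Link URL": None,
}

# Documented permitted ranges (inclusive).
RANGES = {
    "Auto Backup Frequency": (1, 99),
    "Force Load Count": (-1, 1000),
}


def lint_policy(policy):
    """Return a list of (rule, problem) tuples; an empty list means no conflict."""
    findings = []
    for name in policy:
        if name not in DEFAULTS:
            findings.append((name, "rule is not covered by this check"))

    # A rule that is not configured keeps its documented default.
    p = {**DEFAULTS, **{k: v for k, v in policy.items() if k in DEFAULTS}}

    for rule, (low, high) in RANGES.items():
        value = p[rule]
        if value is None:
            continue
        if isinstance(value, bool) or not isinstance(value, int) or not low <= value <= high:
            findings.append((rule, f"{value!r} is outside the permitted range {low} through {high}"))

    # Either exclude rule set to True requires Auto Backup Include All = False.
    for rule in ("Auto Backup Exclude Messages", "Auto Backup Exclude Synchronization"):
        if p[rule] is True and p["Auto Backup Include All"] is not False:
            findings.append((rule, "is True, so Auto Backup Include All must be False"))

    # Force Load Message is used only if Force Load Count is 0 or higher.
    count = p["Force Load Count"]
    forced = isinstance(count, int) and not isinstance(count, bool) and count >= 0
    if p["Force Load Message"] and not forced:
        findings.append(("Force Load Message", "is used only if Force Load Count is 0 or higher"))

    # The web link icon needs both Show Web Link = True and a Web Link URL.
    if p["Show Web Link"] is True and not p["Web Link URL"]:
        findings.append(("Show Web Link", "the link icon appears only if Web Link URL is configured"))
    for rule in ("Web Link Label", "Web Link URL"):
        if policy.get(rule) is not None and p["Show Web Link"] is not True:
            findings.append((rule, "is configured, so Show Web Link must be True"))
    return findings


# Constructed sample: four documented constraints are violated, two of them
# only because a related rule was left at its default.
SAMPLE_POLICY = {
    "Auto Backup Enabled": True,
    "Auto Backup Exclude Messages": True,  # Include All is still the default True
    "Auto Backup Frequency": 120,
    "Force Load Message": "Please update your device software.",
    "Web Link Label": "Intranet",
}

# Constructed sample: the same intent with the dependencies satisfied.
FIXED_POLICY = {
    "Auto Backup Enabled": True,
    "Auto Backup Exclude Messages": True,
    "Auto Backup Include All": False,
    "Auto Backup Frequency": 2,
    "Force Load Count": 3,
    "Force Load Message": "Please update your device software.",
    "Show Web Link": True,
    "Web Link Label": "Intranet",
    "Web Link URL": "https://intranet.example/downloads",
}

if __name__ == "__main__":
    for rule, problem in lint_policy(SAMPLE_POLICY):
        print(f"{rule}: {problem}")
```
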

Device Only Items

Allow BCC Recipients IT policy rule

Description
This rule specifies whether a BlackBerry® device user can include BCC recipients when composing email messages on a BlackBerry® device.

Default value
The default value is True.

Minimum requirements
• C++ based BlackBerry device that is running BlackBerry® Device Software version 2.5
• Java® based BlackBerry device that is running BlackBerry Device Software version 3.6
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ versions 1.2, 2.0, 2.1, or 4.0
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.

Allow Peer-to-Peer Messages IT policy rule

Description
This rule specifies whether a user can send PIN messages.

Default value
The default value is True.

Usage
Change this rule to False to prevent users from sending PIN messages.

Changing this rule to False does not prevent users from receiving PIN messages.

Dependencies
To block incoming PIN messages, in the Security policy group, configure the Firewall Block Incoming Messages IT policy rule to PIN Messages (Public) and PIN Messages (Corporate).

Minimum requirements
• C++ based BlackBerry® device that is running BlackBerry® Device Software version 2.5
• Java® based BlackBerry device that is running BlackBerry Device Software version 3.6
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ versions 1.2, 2.0, 2.1, 4.0
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.

Allow SMS IT policy rule

Description
This rule specifies whether a user can send SMS text messages.

Default value
The default value is True.

Usage
Change this rule to False to prevent a user from sending SMS text messages.

Changing this rule to False does not prevent a user from receiving SMS text messages.

Dependencies
To block incoming SMS text messages, in the Security policy group, configure the Firewall Block Incoming Messages IT policy rule.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Connect™ versions 1.2, 2.0, 2.1, 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule in BlackBerry Device Software version 4.0 or later.


Default Browser Config UID IT policy rule

Description
This rule specifies a unique ID for the browser configuration service book, which specifies the default browser configuration on a BlackBerry® device.

For more information about the browser configurations that are available on a BlackBerry device, see the Browser policy group.

Default value
The default value is a null value.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Connect™ versions 2.1 or 4.0 (internal)
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule in BlackBerry Device Software version 4.0 or later.

Enable Long-Term Timeout IT policy rule

Description
This rule specifies whether a BlackBerry® device locks after a predefined period of time, regardless of user activity.

Default values
The default value in the Default and Basic password security IT policies is null.

The default value in all other preconfigured IT policies is True.

Usage
Configure this rule to True to force a BlackBerry device to lock automatically after 60 minutes.

Dependencies
Use the Periodic Challenge Time IT policy rule to shorten or extend the timeout interval.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Connect™ versions 1.2, 2.0, 2.1, 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule in BlackBerry Device Software version 4.0 or later.

Enable WAP Config IT policy rule

Description
This rule specifies whether a separate icon appears on a BlackBerry® device if the appropriate service books are present for the WAP Browser.

For more information about the browser configurations that are available on a BlackBerry device, see the Browser policy group.

Default value
The default value is True.

Usage
Change this rule to False to turn off the WAP service and hide the WAP Browser icon on a BlackBerry device.

Turning off the WAP service might turn off the ability to send and receive MMS messages if your organization's network service provider uses the WAP service for MMS messaging.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Connect™ versions 2.1, 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule in BlackBerry Device Software version 4.0 or later.

Home Page Address IT policy rule

Description
This rule specifies the BlackBerry® Browser home page.

For more information about the browser configurations that are available on a BlackBerry device, see the Browser policy group.

Default value
The default value is a null value.

Usage
If you do not configure this rule, a BlackBerry device uses the default home page.

Minimum requirements
• C++ based BlackBerry device that is running BlackBerry® Device Software version 2.5
• Java® based BlackBerry device that is running BlackBerry Device Software version 3.6
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0 (internal)
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.

Home Page Address Is Read-Only IT policy rule

Description
This rule specifies whether a user can change the BlackBerry® Browser home page.

Default value
The default value is a null value.

Minimum requirements
• C++ based BlackBerry device that is running BlackBerry® Device Software version 2.5
• Java® based BlackBerry device that is running BlackBerry Device Software version 3.6
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0 (internal)
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.

Maximum Password Age IT policy rule

Description
This rule specifies the number of days before a BlackBerry® device password expires and a user must set a new password. The permitted range is 0 through 65,535 days.

Default values
The default value in the Default IT policy is a null value.

The default value in the Basic password security IT policy is 60 days.

The default value in all other preconfigured IT policies is 30 days.

Usage
If you configure this rule to 0, the BlackBerry device password does not expire.

Dependencies
A BlackBerry device uses this rule only if the Password Required rule is configured to True.

Minimum requirements
• C++-based BlackBerry device that is running BlackBerry® Device Software version 2.5
• Java® based BlackBerry device that is running BlackBerry Device Software version 3.6
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 1.2, 2.0, 2.1, or 4.0
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.

Maximum Security Timeout IT policy rule

Description
This rule specifies the maximum time (in minutes) that a BlackBerry® device user can specify as the security timeout value. The security timeout value is the number of minutes of inactivity before the BlackBerry device locks. The permitted range is 10 through 480 minutes.

Default values
The default value in the Default IT policy is a null value.

The default value in the Basic password security IT policy is 30 minutes.

The default value in all other preconfigured IT policies is 10 minutes.

Usage
By default, the maximum security timeout value that is available on a BlackBerry device is 60 minutes.

Dependencies
A BlackBerry device uses this rule only if the Password Required rule is configured to True.

A BlackBerry device user can specify any timeout value that is lower than the maximum value, unless you configure the User Can Change Timeout rule to False.

To configure a timeout value, in the Password policy group, configure the Set Password Timeout rule.

Minimum requirements
• C++ based BlackBerry device that is running BlackBerry® Device Software version 2.5
• Java® based BlackBerry device that is running BlackBerry Device Software version 3.6
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 1.2, 2.0, 2.1, or 4.0
• BlackBerry® Enterprise Server version 3.5

Minimum Password Length IT policy rule

Description
This rule specifies the minimum number of characters that are required for a BlackBerry® device password. The permitted range is 4 through 14 characters. The maximum password length, which this rule does not control, is 32 characters.

Default value
The default value is a null value.

Dependencies
A BlackBerry device uses this rule only if the Password Required rule is configured to True.

If the FIPS Level IT policy rule is configured to 2, by default, a BlackBerry device requires a minimum password length of 5 characters.

Minimum requirements
• C++ based BlackBerry device that is running BlackBerry® Device Software version 2.5
• Java® based BlackBerry device that is running BlackBerry Device Software version 3.6
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ versions 1.2, 2.0, 2.1 or 4.0
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.


Password Pattern Checks IT policy rule

Description
This rule specifies whether to verify that a BlackBerry® device password matches specific character pattern requirements.

Default values
The default value in the Default IT policy is No restrictions.

The default value in all other preconfigured IT policies is at least one alphabetic character and one numeric character.

Usage
Change this rule to At least 1 alpha and 1 numeric character to require that a BlackBerry device user enter at least 1 alphabetic character and 1 numeric character.

Change this rule to At least 1 alpha, 1 numeric, and 1 special character to require that a BlackBerry device user enter at least 1 alphabetic, 1 numeric and 1 special character.

Change this rule to At least 1 upper-case alpha, one lower-case alpha, 1 numeric, and 1 special character to require that a BlackBerry device user enter at least 1 upper-case alphabetic, one lower-case alphabetic, 1 numeric, and 1 special character.

If you select option 2 or 3, password pattern checking is not available for C++ based BlackBerry devices.

By default, a BlackBerry device prevents setting passwords that use a natural sequence of characters or numbers. If a symbol is inserted into a natural sequence, a BlackBerry device can use the password.

Minimum requirements
• C++ based BlackBerry device that is running BlackBerry® Device Software version 2.5
• Java® based BlackBerry device that is running BlackBerry Device Software version 3.6
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 1.2, 2.0, 2.1, or 4.0
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.

Password Required IT policy rule

Description
This rule specifies whether a user must configure a password on a BlackBerry® device.

Default values
The default value in the Default IT policy is False.

The default value in all other preconfigured IT policies is True.

Dependencies
If the FIPS Level IT policy rule is configured to 2, by default, a user must configure a password.

Minimum requirements
• C++ based BlackBerry device that is running BlackBerry® Device Software version 2.5
• Java® based BlackBerry device that is running BlackBerry Device Software version 3.6
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ versions 1.2, 2.0, 2.1 or 4.0
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.

User Can Change Timeout IT policy rule

Description
This rule specifies whether a BlackBerry® device user can override the security timeout value.

Default value
The default value is True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ versions 1.2, 2.0, 2.1, 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

User Can Disable Password IT policy rule

Description
This rule specifies whether a user can turn off the requirement for a BlackBerry® device security password.

Default values
The default value in the Default IT policy is True.

The default value in all other preconfigured IT policies is False.

Usage
Change this rule to False to prevent a user from turning off the requirement for a BlackBerry device security password.

Dependencies
A BlackBerry device uses this rule only if the Password Required rule is configured to True.

This rule is obsolete for Java® based BlackBerry devices that are running BlackBerry® Device Software version 4.0 or later and C++ based BlackBerry devices that are running BlackBerry Device Software version 2.7.

Minimum requirements
• C++ based BlackBerry device that is running BlackBerry Device Software version 2.5
• Java based BlackBerry device that is running BlackBerry Device Software version 3.6
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 1.2, 2.0, 2.1, or 4.0
• BlackBerry® Enterprise Server version 3.5

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.
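The device password rules above share ranges and a common dependency on Password Required, so a planned policy can be checked before it is assigned. The following is an added example, not part of the guide or of any BlackBerry tool; the dict input format, the function name `lint_password_policy` and the `has_cpp_devices` flag are assumptions made for illustration.

```python
# Added example: lint device password IT policy values against the permitted
# ranges and dependencies stated in the rule descriptions above.
# The dict input format is an assumption of this example, not a BlackBerry
# Enterprise Server export format or API.

# Permitted ranges from the guide (inclusive bounds).
RANGES = {
    "Minimum Password Length": (4, 14),     # characters
    "Maximum Password Age": (0, 65535),     # days; 0 = password does not expire
    "Maximum Security Timeout": (10, 480),  # minutes
}

# Rules that a device uses only if Password Required is configured to True.
NEEDS_PASSWORD_REQUIRED = (
    "Minimum Password Length",
    "Maximum Password Age",
    "Maximum Security Timeout",
    "User Can Disable Password",
)

# Pattern options 2 and 3, which are not available on C++ based devices.
JAVA_ONLY_PATTERNS = (
    "At least 1 alpha, 1 numeric, and 1 special character",
    "At least 1 upper-case alpha, one lower-case alpha, 1 numeric, "
    "and 1 special character",
)


def lint_password_policy(policy, has_cpp_devices=False):
    """Return a list of (severity, rule, message) findings.

    policy maps rule names to values; a missing key or None is a null value
    (rule not configured). has_cpp_devices says whether the policy is
    assigned to any C++ based BlackBerry devices.
    """
    findings = []

    # 1. Range checks on every configured numeric rule.
    for rule, (low, high) in RANGES.items():
        value = policy.get(rule)
        if value is None:
            continue
        if type(value) is not int or not low <= value <= high:
            findings.append(("error", rule,
                             f"{value!r} is outside the permitted range "
                             f"{low} through {high}"))

    if policy.get("Password Required") is not True:
        # 2. Dependent rules are ignored unless a password is required.
        for rule in NEEDS_PASSWORD_REQUIRED:
            if policy.get(rule) is not None:
                findings.append(("warning", rule,
                                 "configured, but a device uses it only if "
                                 "Password Required is True"))
    else:
        # 3. Settings that weaken an enforced password.
        age = policy.get("Maximum Password Age")
        if type(age) is int and age == 0:
            findings.append(("warning", "Maximum Password Age",
                             "0 means the device password does not expire"))
        if policy.get("User Can Disable Password") is True:
            findings.append(("warning", "User Can Disable Password",
                             "users can turn off the password requirement"))

    # 4. Pattern options 2 and 3 are not checked on C++ based devices.
    if has_cpp_devices and policy.get("Password Pattern Checks") in JAVA_ONLY_PATTERNS:
        findings.append(("warning", "Password Pattern Checks",
                         "pattern checking is not available for C++ based "
                         "devices with this option"))

    # 5. FIPS Level 2 changes the default minimum length.
    if policy.get("FIPS Level") == 2 and policy.get("Minimum Password Length") is None:
        findings.append(("info", "Minimum Password Length",
                         "FIPS Level 2: devices require at least 5 characters "
                         "by default"))
    return findings


# Constructed sample policies (not taken from a real deployment).
SAMPLE_IGNORED = {
    "Password Required": False,
    "Minimum Password Length": 3,      # below the permitted minimum of 4
    "Maximum Password Age": 0,
    "Maximum Security Timeout": 600,   # above the permitted maximum of 480
}
SAMPLE_WEAK = {
    "Password Required": True,
    "Minimum Password Length": 8,
    "Maximum Password Age": 0,
    "Maximum Security Timeout": 10,
    "User Can Disable Password": True,
    "Password Pattern Checks": JAVA_ONLY_PATTERNS[0],
}
SAMPLE_CLEAN = {
    "Password Required": True,
    "Minimum Password Length": 8,
    "Maximum Password Age": 30,
    "Maximum Security Timeout": 10,
    "User Can Disable Password": False,
}

if __name__ == "__main__":
    for severity, rule, message in lint_password_policy(SAMPLE_IGNORED):
        print(f"{severity:7} {rule}: {message}")
```
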

Global items

Allow Browser IT policy rule

Description
This rule specifies whether the BlackBerry® Browser is available on a BlackBerry device.

Default value
The default value is True.

Usage
This rule does not affect other browsers such as the WAP browser.

For more information about the browser configurations that are available on a BlackBerry device, see the Browser policy group.

Minimum requirements
• C++ based BlackBerry device that is running BlackBerry® Device Software version 2.5
• Java® based BlackBerry device that is running BlackBerry Device Software version 3.6
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ versions 1.2, 2.0, 2.1, or 4.0 (internal)
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.

Allow Phone IT policy rule

Description
This rule specifies whether the phone is available on a BlackBerry® device.

Default value
The default value is True.

Usage
Change this rule to False to prevent a user from making and receiving any calls except emergency calls. The phone icon remains on the BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ versions 1.2, 2.0, 2.1, 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule in BlackBerry Device Software version 4.0 or later.

Auto Signature IT policy rule

Description
This rule specifies the signature that is attached automatically to outgoing email messages.

Default value
The default value is a null value.

Usage
Use this rule to add a disclaimer to the end of email messages that a user sends from a BlackBerry® device.

This rule is obsolete in BlackBerry® Enterprise Server version 4.1 SP2 and later.

Minimum requirements
• BlackBerry® Desktop Software version 3.5
• BlackBerry® Enterprise Server for IBM® Lotus® Domino® version 4.0
• BlackBerry® Enterprise Server for Microsoft® Exchange version 3.5

Exceptions
The BlackBerry Enterprise Server for Microsoft Exchange supports this rule in BlackBerry Enterprise Server versions 3.5 to 4.1 SP2.

The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Application Center policy group

Disable Application Center IT policy rule

Description
This rule specifies whether to prevent the application center from running on a BlackBerry® device.

Default value
The default value is False.

Usage
Change this rule to True to prevent a BlackBerry device user from accessing the application center.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.3
• BlackBerry® Enterprise Server version 4.1 SP6

Disable Carrier Directory IT policy rule

Description
This rule specifies whether to prevent a user from accessing the carrier directory in the application center on a BlackBerry® device.

Default value
The default value is False.

Usage
Change this rule to True to prevent a user from accessing the carrier directory in the application center.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.3
• BlackBerry® Enterprise Server version 4.1 SP6

BlackBerry Messenger policy group

Disable BlackBerry Messenger IT policy rule

Description
This rule specifies whether the BlackBerry® Messenger is turned off.

Default value
The default value is False.

Usage
Change this rule to True to turn off the BlackBerry Messenger. This might help prevent risks that are associated with PIN messaging. For more information about PIN messaging risks, see the BlackBerry Enterprise Solution Security Technical Overview.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 4.0 SP2

Disallow Forwarding of Contacts IT policy rule

Description
This rule specifies whether a BlackBerry® device user can forward a BlackBerry® Messenger contact to another user.

Default value
The default value in the Advanced security and Advanced security (disallow application downloads) IT policies is True.

The default value in all other preconfigured IT policies is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.6
• BlackBerry® Enterprise Server version 4.1 SP6


Messenger Audit Email Address IT policy rule

Description
This rule specifies the address that the BlackBerry® device sends BlackBerry® Messenger audit reports to.

Default value
The default value is a null value. BlackBerry Messenger turns off auditing and does not send reports.

Usage
Configure a value for this rule if you want to audit the use of BlackBerry Messenger in your organization.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 4.0 SP2

Messenger Audit Max Report Interval IT policy rule

Description
This rule specifies the maximum amount of time (in hours) that can elapse between BlackBerry® Messenger audit reports that a BlackBerry device sends when there is no new data. The permitted range is 1 through 8736 hours.

Default value
The default value is 168 hours.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 4.0 SP2

Messenger Audit Report Interval IT policy rule

Description
This rule specifies the amount of time (in hours) that can elapse between BlackBerry® Messenger audit reports that a BlackBerry device sends when there is new data. The permitted range is 1 through 8736 hours.

Default value
The default value is 24 hours.

Usage
Change this rule to a shorter interval to manage the BlackBerry device memory.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 4.0 SP2

Messenger Audit UID IT policy rule

Description
This rule specifies the unique identifier of the service book to use when a BlackBerry® device sends BlackBerry® Messenger audit reports.

Default value
The default value is a null value. The BlackBerry device uses the first available service that encrypts messages to send reports.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 4.0 SP2

BlackBerry Smart Card Reader policy group

For more information about using the BlackBerry® Smart Card Reader with computers and BlackBerry devices, see the BlackBerry® Enterprise Solution Security Technical Overview and the BlackBerry Smart Card Reader Security Technical Overview.

Disable Auto Reconnect To BlackBerry Smart Card Reader IT policy rule

Description
This rule specifies whether a previously connected computer or BlackBerry® device can reconnect to a BlackBerry® Smart Card Reader automatically.

Turning off automatic reconnections is designed to increase the life of the BlackBerry device battery.

Default value
The default value is a null value.

Usage
Select the Disable Auto Reconnect On BlackBerry option to prevent a BlackBerry device from reconnecting automatically to a BlackBerry Smart Card Reader.

Select the Disable Auto Reconnect On PC option to prevent a computer from reconnecting automatically to a BlackBerry Smart Card Reader.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP7
• BlackBerry Smart Card Reader software version 1.5.1

Force Erase All Keys on BlackBerry Disconnected Timeout IT policy rule

Description
This rule specifies whether the secure pairing keys for connections between a computer or a BlackBerry® device and the BlackBerry® Smart Card Reader are deleted after the connection closes.

Default value
The default value is False. The secure pairing keys are not deleted from the BlackBerry device or the computer.

Usage
If you change this rule to True, a user cannot change this feature on a BlackBerry device.

Dependencies
A BlackBerry device uses this rule only if you configure the Maximum BlackBerry Disconnect Timeout IT policy rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP5
• BlackBerry Smart Card Reader software version 1.5

Force Erase Key on PC Standby IT policy rule

Description
This rule specifies whether the computer deletes the secure pairing key and closes the connection to the BlackBerry® Smart Card Reader when the computer goes into standby mode.

Default value
The default value is False.

Usage
The user can configure this feature on the computer. If you change this rule to True, the user cannot turn off this feature on the computer.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP7
• BlackBerry Smart Card Reader software version 1.5.1

Maximum BlackBerry Bluetooth Traffic Inactivity Timeout IT policy rule

Description
This rule specifies the maximum time (in minutes) of inactivity that is permitted between a BlackBerry® Smart Card Reader and a BlackBerry device before the secure pairing information is deleted from the BlackBerry device and the BlackBerry Smart Card Reader. The permitted range is 1 through 10,080 minutes.

Activity is any secure packet that is sent or received by a BlackBerry device and a BlackBerry Smart Card Reader over a Bluetooth® connection, other than the connection heartbeat packet.

Default value
The default value is a null value. The secure pairing information is not deleted from the BlackBerry device.

Usage
If you configure this rule, the user cannot turn off this feature but can change the Inactivity Timeout field on the BlackBerry device to a lower value.

If you do not configure this rule, the user can change the Inactivity Timeout field to any value.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP2
• BlackBerry Smart Card Reader software version 1.5.1

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Maximum BlackBerry Disconnected Timeout IT policy rule

Description
This rule specifies the maximum time (in seconds) of inactivity after the Bluetooth® connection between a BlackBerry® device and a BlackBerry® Smart Card Reader closes that the disconnected timeout expires. The permitted range is 0 through 604,800 seconds.

Default value
The default value is a null value. The secure pairing information is not deleted from the BlackBerry device.

Usage
If you configure this rule, the user cannot turn off this feature but can change the Disconnected Timeout field on a BlackBerry device to a lower value.

If you do not configure this rule, the user can change the Disconnected Timeout value to any value.

Dependencies
The value of this rule affects how a BlackBerry device uses the Force Erase All Keys on BlackBerry Disconnected Timeout IT policy rule, if you configure that rule to True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP2
• BlackBerry Smart Card Reader software version 1.5

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Maximum BlackBerry Long Term Timeout IT policy rule

Description
This rule specifies the maximum time (in hours) that can elapse after a BlackBerry® device and a BlackBerry® Smart Card Reader establish secure pairing information before the BlackBerry device and the BlackBerry Smart Card Reader delete the secure pairing information. The permitted range is 1 through 720 hours.

Default value
The default value is a null value.

Usage
If you configure this rule, the user cannot turn off this feature but can change the Long Term Timeout field on a BlackBerry device to a lower value.

If you do not configure this rule, the user can change the Long Term Timeout field to any value.

Dependencies
This rule is related to the Maximum BlackBerry Bluetooth Traffic Inactivity Timeout IT policy rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP2
• BlackBerry Smart Card Reader software version 1.5.1

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Maximum Bluetooth Encryption Key Regeneration Period IT policy rule

Description
This rule specifies the length of time (in hours) that can elapse after a BlackBerry® Smart Card Reader regenerates a Bluetooth® encryption key if a BlackBerry device or computer is connected to a BlackBerry Smart Card Reader. If the BlackBerry device or computer is not connected to the BlackBerry Smart Card Reader, the BlackBerry Smart Card Reader regenerates the encryption key when the BlackBerry device or computer reconnects to the BlackBerry Smart Card Reader. The permitted range is 1 through 720 hours.

Default value
The default value is a null value.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP7
• BlackBerry Smart Card Reader software version 1.5.1

Maximum Bluetooth Range IT policy rule

DescriptionThis rule specifies the maximum power range that a BlackBerry® Smart Card Reader uses to send Bluetooth® packets. Thepermitted range is 30% through 100%.

Default valueThe default value is 100%.

Usage

Configure a larger power range for a BlackBerry device or a computer to communicate with a BlackBerry Smart Card Reader over a greater distance.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP3
• BlackBerry Smart Card Reader software version 1.0

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Maximum Connection Heartbeat Period IT policy rule

Description
This rule specifies the maximum connection heartbeat period (in seconds). During each heartbeat period, a paired BlackBerry® device or computer sends a heartbeat which the BlackBerry® Smart Card Reader acknowledges. If either side fails to send or acknowledge a heartbeat in the maximum heartbeat period, the BlackBerry device or computer closes the Bluetooth® connection. The permitted range is 60 through 3600 seconds.

Note: If the disconnected timer is turned on, it starts when the connection closes. A BlackBerry device or computer deletes the secure pairing keys when the disconnected timeout expires.

Default value
The default value is a null value. The heartbeat period is turned off.

Usage
Use this rule to prevent an attacker from using a low-level Bluetooth heartbeat period to keep a Bluetooth connection between a BlackBerry device or computer and a BlackBerry Smart Card Reader open and the secure pairing keys present.

If you configure this rule, the user cannot turn off the heartbeat period but can change the Connection Heartbeat Period field on a BlackBerry device or a computer to a lower value.

If you do not configure this rule, the user can change the Connection Heartbeat Period field to any value.

If you configure a low value, such as 1, 2, or 5 minutes, Bluetooth traffic increases. The increased traffic might affect the battery power level of the BlackBerry device and BlackBerry Smart Card Reader.

Dependencies
You can use the Maximum BlackBerry Disconnected Timeout and Maximum PC Disconnected Timeout rules to specify the BlackBerry device and the computer disconnected timers.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0

• BlackBerry® Enterprise Server version 4.0 SP2
• BlackBerry Smart Card Reader software version 1.0

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Maximum Number of BlackBerry Transactions IT policy rule

Description
This rule specifies the maximum number of smart card-related transactions that can occur between a BlackBerry® device and a BlackBerry® Smart Card Reader before the secure pairing information is deleted from the BlackBerry device. The permitted range is 100 through 10,000 transactions.

A transaction is any set of request and response packets other than the connection heartbeat packet.

Default value
The default value is a null value. The secure pairing information is not deleted from the BlackBerry device.

Usage
If you configure this rule, the user cannot stop the secure pairing information from being deleted but can change the Number of Transactions field on a BlackBerry device to a lower value.

If you do not configure this rule, the user can change the Number of Transactions field to any value.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP2
• BlackBerry Smart Card Reader software version 1.5

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Maximum Number of PC Pairings IT policy rule

Description
This rule specifies the maximum number of computers that can pair with a BlackBerry® Smart Card Reader. The permitted range is 0 through 65,535 computers.

Default value
The default value is a null value.

Usage

If you configure this rule while computers are paired with a BlackBerry Smart Card Reader and more than the maximum number of computers are connected, the BlackBerry Smart Card Reader closes connections with the last computers to pair.

Minimum requirements
• BlackBerry® Enterprise Server version 4.0 SP5
• BlackBerry Smart Card Reader software version 1.5

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Maximum Number of PC Transactions IT policy rule

Description
This rule specifies the maximum number of smart card-related transactions that can occur between a computer and a BlackBerry® Smart Card Reader before the secure pairing information is deleted from the computer and the BlackBerry Smart Card Reader. The permitted range is 100 through 10,000 transactions.

A transaction is any set of request and response packets other than the connection heartbeat packet.

Default value
The default value is a null value.

Usage
If you configure this rule, the user cannot stop the secure pairing information from being deleted, but can change the Number of Transactions field in the BlackBerry Smart Card Reader options on a computer to a lower value.

If you do not configure this rule, the user can change the Number of Transactions field to any value.

Minimum requirements
• BlackBerry® Enterprise Server version 4.0 SP5
• BlackBerry Smart Card Reader software version 1.5

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Maximum PC Bluetooth Traffic Inactivity Timeout IT policy rule

Description
This rule specifies the maximum time (in minutes) of inactivity that is permitted between a BlackBerry® Smart Card Reader and a computer before the secure pairing information is deleted from the computer and the BlackBerry Smart Card Reader. The permitted range is 1 through 10,080 minutes.

Activity is any secure packet that is sent or received by a BlackBerry device and a BlackBerry Smart Card Reader over a Bluetooth® connection, other than the connection heartbeat packet.

Default value
The default value is a null value. The secure pairing information is not deleted from the computer.

Usage
If you configure this rule, the user cannot turn off this feature but can change the Inactivity Timeout field in the BlackBerry Smart Card Reader options on the computer to a lower value.

If you do not configure this rule, the user can change the Inactivity Timeout field to any value.

Minimum requirements
• BlackBerry® Enterprise Server version 4.0 SP5
• BlackBerry Smart Card Reader software version 1.5

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Maximum PC Disconnected Timeout IT policy rule

Description
This rule specifies the maximum time (in seconds) that can elapse after a computer and a BlackBerry® Smart Card Reader close a Bluetooth® connection before the secure pairing information for that connection is deleted from the computer and BlackBerry Smart Card Reader. The permitted range is 0 through 604,800 seconds.

Default value
The default value is a null value.

Usage
If you configure this rule, the user cannot turn off this feature but can change the Disconnected Timeout field in the BlackBerry Smart Card Reader options on a computer to a lower value.

If you do not configure this rule, the user can change the Disconnected Timeout field to any value.

Minimum requirements
• BlackBerry® Enterprise Server version 4.0 SP5
• BlackBerry Smart Card Reader software version 1.5

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Maximum PC Long Term Timeout IT policy rule

Description
This rule specifies the maximum time (in hours) that can elapse after a computer and a BlackBerry® Smart Card Reader establish secure pairing information before the computer and BlackBerry Smart Card Reader delete the secure pairing information. The permitted range is 1 through 720 hours.

Default value
The default value is a null value.

Usage
If you configure this rule, the user cannot turn off this feature but can change the Long Term Timeout field in the BlackBerry Smart Card Reader options on a computer to a lower value.

If you do not configure this rule, the user can change the Long Term Timeout field to any value.

Dependencies
This rule is related to the Maximum PC Bluetooth Traffic Inactivity Timeout IT policy rule.

Minimum requirements
• BlackBerry® Enterprise Server version 4.0 SP5
• BlackBerry Smart Card Reader software version 1.5

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.
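
The computer-side limits above (heartbeat period, disconnected timeout, transaction count, inactivity timeout, long term timeout) interact, so the following added example, which is not code from the guide or from BlackBerry, models which limit deletes the secure pairing information first for a given timeline. The event names, the `PairingPolicy` and function names, the choice that reconnecting stops the disconnected timer, and deletion at the moment the transaction count reaches the limit are assumptions made for the model.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Permitted ranges quoted on this page (PC-side rules plus the heartbeat rule).
RANGES = {
    "long_term_hours": (1, 720),
    "inactivity_minutes": (1, 10080),
    "max_transactions": (100, 10000),
    "disconnected_seconds": (0, 604800),
    "heartbeat_seconds": (60, 3600),
}


def effective_limit(rule: str, policy_max: Optional[int],
                    user_value: Optional[int]) -> Optional[int]:
    """Value that is enforced once the IT policy and the user's field are combined."""
    if policy_max is None:
        return user_value                # null rule: the user may choose any value
    low, high = RANGES[rule]
    if not low <= policy_max <= high:
        raise ValueError(f"{rule}={policy_max} outside permitted range {low}-{high}")
    if user_value is None:
        return policy_max                # configured rule: the user cannot turn it off
    return min(policy_max, user_value)   # but the user may lower the value


@dataclass
class PairingPolicy:
    """Effective limits; None models a null value (that limit is not enforced)."""
    long_term_hours: Optional[int] = None
    inactivity_minutes: Optional[int] = None
    max_transactions: Optional[int] = None
    disconnected_seconds: Optional[int] = None
    heartbeat_seconds: Optional[int] = None


def deletion_time(policy: PairingPolicy,
                  events: List[Tuple[int, str]]) -> Optional[Tuple[int, str]]:
    """Return (seconds after pairing, reason) for the first limit that deletes the
    secure pairing information, or None if no configured limit is ever reached."""
    last_activity = 0                    # assumption: pairing at t=0 counts as activity
    transactions = 0
    closed_at: Optional[int] = None      # time at which the Bluetooth connection closed

    def earliest_deadline() -> Optional[Tuple[int, str]]:
        due = []
        if policy.long_term_hours is not None:
            due.append((policy.long_term_hours * 3600, "long term timeout"))
        if policy.inactivity_minutes is not None:
            due.append((last_activity + policy.inactivity_minutes * 60, "inactivity timeout"))
        if closed_at is not None and policy.disconnected_seconds is not None:
            due.append((closed_at + policy.disconnected_seconds, "disconnected timeout"))
        return min(due) if due else None

    for t, kind in sorted(events):
        deadline = earliest_deadline()
        if deadline is not None and deadline[0] <= t:
            return deadline              # a timer expired before this event happened
        connected = closed_at is None or t < closed_at
        if kind == "transaction":
            if connected:                # heartbeat packets never count as transactions
                transactions += 1
                last_activity = t
                if policy.max_transactions is not None and transactions >= policy.max_transactions:
                    return (t, "transaction limit")
        elif kind == "heartbeat_lost":
            # Heartbeats stop being acknowledged while the radio link stays up.
            # Only a configured heartbeat period closes the connection.
            if connected and policy.heartbeat_seconds is not None:
                closed_at = t + policy.heartbeat_seconds
        elif kind == "disconnect":
            if connected:
                closed_at = t
        elif kind == "reconnect":
            closed_at = None             # assumption: reconnecting stops the disconnected timer
        else:
            raise ValueError(f"unknown event kind: {kind}")
    return earliest_deadline()


# Constructed timeline: one transaction, then the peer goes silent 10 minutes after pairing.
SAMPLE_EVENTS = [(10, "transaction"), (600, "heartbeat_lost")]
```

With the heartbeat period left at its null default, the constructed timeline never starts the disconnected timer, so the keys persist until the inactivity or long term limit, which is the situation the Maximum Connection Heartbeat Period rule is described as preventing.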

Maximum Smart Card Not Present Timeout IT policy rule

Description
This rule specifies the maximum time (in seconds) that can elapse after a user removes a smart card from a BlackBerry® Smart Card Reader before the secure pairing information is deleted from the BlackBerry device and BlackBerry Smart Card Reader. The permitted range is 0 through 86,400 seconds.

Default value
The default value is a null value. The secure pairing information is not deleted from the BlackBerry device.

Usage
If you configure this rule, the user can change the Card Not Present Timeout value on the BlackBerry device to any value.

If you do not configure this rule, the user cannot turn off this feature but can change the Card Not Present Timeout field to a lower value.

Minimum requirements

• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP2
• BlackBerry Smart Card Reader software version 1.5

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Minimum PIN Entry Mode IT policy rule

Description
This rule specifies the minimum PIN entry mode that is required when a user pairs a BlackBerry® Smart Card Reader with a BlackBerry device or computer. The BlackBerry® Enterprise Server enforces the minimum PIN entry mode when a user types the user authenticator password (smart card PIN) during the Bluetooth® pairing process and secure pairing process.

Default value
The default value is Numeric.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry Enterprise Server version 5.0
• BlackBerry Smart Card Reader version 2.0

BlackBerry Unite! policy group

Disable Download Manager IT policy rule

Description
This rule specifies whether to prevent the Download Manager for the BlackBerry® Unite!™ software from running on a BlackBerry device.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.2
• BlackBerry® Enterprise Server version 4.1 SP6

Disable Unite! Applications IT policy rule

Description
This rule specifies whether to prevent applications for the BlackBerry® Unite!™ software from running on a BlackBerry device.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.2
• BlackBerry® Enterprise Server version 4.1 SP6

Bluetooth policy group
For more information about Bluetooth® security on BlackBerry® devices, see the BlackBerry Enterprise Solution Security Technical Overview and Security for BlackBerry Devices with Bluetooth Wireless Technology.

Allow Outgoing Calls IT policy rule

Description
This rule specifies whether a user can place outgoing calls from a BlackBerry® device using Bluetooth® technology.

Default value
The default value is Always.

Usage
Configure this rule to Always, Never, or Only when the BlackBerry device is unlocked.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.2
• BlackBerry® Enterprise Server version 4.0 SP1

Disable Address Book Transfer IT policy rule

Description

This rule specifies whether to prevent a BlackBerry® device from exchanging address book data with a supported Bluetooth® enabled device.

Default values
The default value in the Advanced security and Advanced security (disallow application downloads) IT policies is True.

The default value in all other preconfigured IT policies is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.1
• BlackBerry® Enterprise Server version 4.0 SP3

Disable Advanced Audio Distribution Profile IT policy rule

Description
This rule specifies whether a Bluetooth® enabled BlackBerry® device can use the Bluetooth A2DP.

Default value
The default value is False.

Usage
Change this rule to True to turn off the ability to stream audio using Bluetooth technology.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.2
• BlackBerry® Enterprise Server version 4.1 SP4

Disable Audio/Video Remote Control Profile IT policy rule

Description
This rule specifies whether a Bluetooth® enabled BlackBerry® device can use the Bluetooth AVRCP.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.2
• BlackBerry® Enterprise Server version 4.1 SP4

Disable Bluetooth IT policy rule

Description
This rule specifies whether support for Bluetooth® technology on a BlackBerry® device is turned off.

Default value
The default value is False.

Usage
If Bluetooth technology is turned on when a BlackBerry device receives this rule, the user must reset the BlackBerry device for the change to take effect.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.8
• BlackBerry® Enterprise Server version 4.0

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule in BlackBerry Device Software version 4.0 and later.

Disable Desktop Connectivity IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device from using Bluetooth® technology to connect to the BlackBerry® Desktop Software.

Default value
The default value is True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.1
• BlackBerry® Enterprise Server version 4.0 SP3

Disable Dial-Up Networking IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device from using the Bluetooth® DUN profile.

Default value

The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Disable Discoverable Mode IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device user from making a BlackBerry device discoverable.

A BlackBerry device that is discoverable can be found by other Bluetooth® enabled devices within range of the BlackBerry device.

Default values
The default value in the Default and Basic password security IT policies is False.

The default value in all other preconfigured IT policies is True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.2
• BlackBerry® Enterprise Server version 4.0 SP2

Disable File Transfer IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device from exchanging files with supported Bluetooth® OBEX devices.

Default values
The default value in the Advanced security and Advanced security (disallow application downloads) IT policies is True.

The default value in all other preconfigured IT policies is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Disable Handsfree Profile IT policy rule

Description

This rule specifies whether a BlackBerry® device can use the Bluetooth® HFP.

Default value
The default value is False.

Usage
A BlackBerry device uses the Bluetooth HFP to connect to most car kits and some headsets.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.8
• BlackBerry® Enterprise Server version 4.0

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule in BlackBerry Device Software version 4.0 and later.

Disable Headset Profile IT policy rule

Description
This rule specifies whether a BlackBerry® device can use the Bluetooth® HSP.

Default value
The default value is False.

Usage
A BlackBerry device uses the Bluetooth HSP to connect to most headsets and some car kits.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.8
• BlackBerry® Enterprise Server version 4.0

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule in BlackBerry Device Software version 4.0 and later.

Disable Pairing IT policy rule

Description

This rule specifies whether a BlackBerry® device can pair with a Bluetooth® enabled device.

Default value
The default value is False.

Usage
After a BlackBerry device pairs with a supported Bluetooth enabled device, you can use this rule to prevent the BlackBerry device from pairing with other Bluetooth enabled devices.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.8
• BlackBerry® Enterprise Server version 4.0

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule in BlackBerry Device Software version 4.0 and later.

Disable Serial Port Profile IT policy rule

Description
This rule specifies whether a BlackBerry® device can use the Bluetooth® SPP.

Default values
The default value in the Advanced security and Advanced security (disallow application downloads) IT policies is True.

The default value in all other preconfigured IT policies is False.

Usage
A BlackBerry device uses the Bluetooth SPP to establish a serial connection between the BlackBerry device and a Bluetooth enabled device that uses a serial port interface.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.8
• BlackBerry® Enterprise Server version 4.0

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule in BlackBerry Device Software version 4.0 and later.

Disable SIM Access Profile IT policy rule

Description
This rule specifies whether to prevent a Bluetooth® enabled BlackBerry® device from using the Bluetooth SIM Access Profile, which might be required when a car kit initiates dialing.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.6
• BlackBerry® Enterprise Server version 4.1 SP6

Disable Wireless Bypass IT policy rule

Description
This rule specifies whether a BlackBerry® device can use wireless bypass using Bluetooth® technology.

Default value
The default value is True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.1
• BlackBerry® Enterprise Server version 4.0 SP3

Force CHAP Authentication on Bluetooth Link IT policy rule

Description
This rule specifies whether a BlackBerry® device must use CHAP authentication to connect to a computer using a Bluetooth® serial connection.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Desktop Software version 4.2.2
• BlackBerry® Device Software version 4.2.2

• BlackBerry® Enterprise Server version 4.1 SP4

Limit Discoverable Time IT policy rule

Description
This rule specifies whether a BlackBerry® device user can configure the Bluetooth® discoverable mode option so that the option does not have a time limit.

Default value
The default value is False.

Usage
Change this rule to True to permit a user to set the Bluetooth discoverable mode option to use a time limit of 2 minutes or to turn off Bluetooth discoverable mode.

Dependencies
A BlackBerry device uses this rule only if you configure the Disable Discoverable Mode IT policy rule to False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.5
• BlackBerry® Enterprise Server version 4.1 SP5

Minimum Encryption Key Length IT policy rule

Description
This rule specifies the minimum encryption key length (in bytes) that a BlackBerry® device uses to encrypt Bluetooth® connections. The permitted range is 1 through 16 bytes.

Default value
The default value is 1 byte.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.5
• BlackBerry® Enterprise Server version 4.1 SP5

Require Encryption IT policy rule

Description

This rule specifies whether a BlackBerry® device uses Bluetooth® encryption for all connections.

Default value
The default value is False.

Usage
If you change this rule to True to require Bluetooth encryption for all connections, you might restrict compatibility with some Bluetooth enabled devices.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.1
• BlackBerry® Enterprise Server version 4.0 SP4

Require LED Connection Indicator IT policy rule

Description
This rule specifies whether the LED must flash when a BlackBerry® device is connected to a Bluetooth® enabled device.

Default values
The default value in the Advanced security and Advanced security (disallow application downloads) IT policies is True.

The default value in all other preconfigured IT policies is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Require Password for Discoverable Mode IT policy rule

Description
This rule specifies whether a user must type the BlackBerry® device password before the BlackBerry device can be discovered by Bluetooth® enabled devices.

Default value
The default value is False.

Dependencies
A BlackBerry device uses this rule only if the Password Required IT policy rule is configured to True.

Minimum requirements
• Java® based BlackBerry device

• BlackBerry® Device Software version 4.1
• BlackBerry® Enterprise Server version 4.0 SP3

Require Password for Enabling Bluetooth Support IT policy rule

Description
This rule specifies whether a user must type the BlackBerry® device password to turn on Bluetooth® technology.

Default value
The default value is False.

Dependencies
A BlackBerry device uses this rule only if the Password Required IT policy rule is configured to True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.1
• BlackBerry® Enterprise Server version 4.0 SP3

Browser policy group
IT policy rules in the Browser policy group apply to all browser configurations on the BlackBerry® device.

Allow Application Download Services IT policy rule

Description
This rule specifies whether application download service icons appear on a BlackBerry® device when the wireless service provider assigns a service to the BlackBerry device and the appropriate service books are present on the BlackBerry device.

Default value
The default value is True.

Usage
Change this rule to False to hide all application download service icons.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.3
• BlackBerry® Enterprise Server version 4.1 SP5

Allow Hotspot Browser IT policy rule

Description
This rule specifies whether a Wi-Fi® enabled BlackBerry® device can access a hotspot browser.

Default value
The default value is Allow.

Usage
Change this rule to Disallow to prevent a Wi-Fi enabled BlackBerry device from accessing a hotspot browser.

Change this rule to Only for Hotspot Login to permit access only for the purpose of authenticating to the hotspot.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.6
• BlackBerry® Enterprise Server version 4.1 SP6

Allow IBS Browser IT policy rule

Description
This rule specifies whether a BlackBerry® Internet Service Browsing icon appears on a BlackBerry device if the appropriate service books are present for BlackBerry Internet Service Browsing.

Default value
The default value is True.

Usage
Change this rule to False to hide the BlackBerry Internet Service Browsing icon.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0 (internal)
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

Disable Auto Synchronization in Browser IT policy rule

Description

This rule specifies whether to prevent a user from configuring intervals for automatic synchronization of the bookmark list in the BlackBerry® Browser.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Disable JavaScript in Browser IT policy rule

Description
This rule specifies whether to permit the execution of JavaScript® code on a BlackBerry® device.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0 (internal)
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Download Images URL IT policy rule

Description
This rule specifies a web address that provides additional pictures for a BlackBerry® device.

Default value
The default value is a null value.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0 SP3
• BlackBerry® Device Software version 4.1

Download Themes URL IT policy rule

Description
This rule specifies a web address that provides additional themes for a BlackBerry® device.

Default value
The default value is a null value.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.1
• BlackBerry® Enterprise Server version 4.0 SP3

Download Tunes URL IT policy rule

Description
This rule specifies a web address that provides additional ring tones for a BlackBerry® device.

Default value
The default value is a null value.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.1
• BlackBerry® Enterprise Server version 4.0 SP3

MDS Browser BSM Enabled IT policy rule

Description
This rule specifies whether the browser session manager is turned on in the BlackBerry® Browser.

Default value
The default value is True.

Usage
The browser session manager is designed to improve BlackBerry Browser performance by helping the BlackBerry® MDS Connection Service use the BlackBerry Browser cache.

Minimum requirements

• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0 (internal)
• BlackBerry® Device Software version 4.0.2
• BlackBerry® Enterprise Server version 4.0 SP2

MDS Browser Domains IT policy rule

Description
This rule specifies a list of web addresses that a BlackBerry® device retrieves using the BlackBerry® Browser. Separate multiple web addresses with a comma.

Default value
The default value is a null value.

Usage
This rule supports the use of wildcard characters.

If you want to permit the BlackBerry Browser to retrieve sub-domains of a web address, prefix the domain with a period. For example, type ".yahoo.ca" to permit the BlackBerry Browser to retrieve all sub-domains of yahoo.ca (such as mail.yahoo.ca, www.yahoo.ca).

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6
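
To review what a given MDS Browser Domains value would cover before deploying it, the following added example (not BlackBerry's implementation) models the comma-separated list and the leading-period sub-domain prefix described above. The function names are hypothetical; treating entries as host names, matching case-insensitively, and having ".yahoo.ca" cover sub-domains but not yahoo.ca itself are assumptions, and the wildcard characters the rule also supports are not modelled because the guide does not describe their syntax.

```python
from typing import List
from urllib.parse import urlsplit


def parse_domains_rule(value: str) -> List[str]:
    """Split the comma-separated rule value into normalised entries."""
    entries = (e.strip().lower().rstrip(".") for e in value.split(","))
    return [e for e in entries if e]


def host_of(address: str) -> str:
    """Extract the host from a bare host name or a full web address."""
    if "://" not in address:
        address = "//" + address         # lets urlsplit treat the text as a network location
    host = urlsplit(address).hostname    # drops port, path and any user@ prefix
    return (host or "").lower().rstrip(".")


def rule_covers(address: str, rule_value: str) -> bool:
    """True if the address's host falls under an entry of the rule value."""
    host = host_of(address)
    if not host:
        return False
    for entry in parse_domains_rule(rule_value):
        if entry.startswith("."):
            # Leading period: any sub-domain. Keeping the period in the suffix
            # comparison enforces a label boundary, so "notyahoo.ca" is not covered.
            if host.endswith(entry) and len(host) > len(entry):
                return True
        elif host == entry:
            return True
    return False


# Constructed rule value; example.com and evil.example are reserved example names.
SAMPLE_RULE = ".yahoo.ca, example.com"
```

Comparing the parsed host rather than the raw string matters for reviews: an address such as `http://mail.yahoo.ca@evil.example/` contains the permitted name but its host is evil.example.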

MDS Browser HTML Tables Enabled IT policy rule

Description
This rule specifies whether support for HTML tables in the BlackBerry® Browser is turned on.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0 (internal)
• BlackBerry® Device Software version 4.0.2
• BlackBerry® Enterprise Server version 4.0 SP2

MDS Browser JavaScript Enabled IT policy rule

Description
This rule specifies whether JavaScript® in the BlackBerry® Browser is turned on.

Default value
The default value is False.

Usage
Change this rule to True to render web pages that use JavaScript correctly.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0 (internal)
• BlackBerry® Device Software version 4.0.2
• BlackBerry® Enterprise Server version 4.0 SP2

MDS Browser Style Sheets Enabled IT policy rule

Description
This rule specifies whether style sheets in the BlackBerry® Browser are turned on.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0 (internal)
• BlackBerry® Device Software version 4.0.2
• BlackBerry® Enterprise Server version 4.0 SP2

MDS Browser Title IT policy rule

Description
This rule specifies the name for the BlackBerry® Browser icon that appears on the Home screen.

Default value

The default value is BlackBerry Browser.

Minimum requirements• Java® based BlackBerry device• BlackBerry® Application Suite version 1.0• BlackBerry® Connect™ version 4.0 (internal)• BlackBerry® Device Software version 3.6• BlackBerry® Enterprise Server for Microsoft® Exchange version 3.6• BlackBerry® Enterprise Server for IBM® Lotus® Domino® and Novell® GroupWise® version 4.0

MDS Browser Use Separate Icon IT policy rule

Description
This rule specifies whether an icon for the BlackBerry® Browser appears on the Home screen of the BlackBerry device.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Camera policy group

Disable Photo Camera IT policy rule

Description
This rule specifies whether the camera is available on a BlackBerry® device.

Default value
The default value is False. The camera is available on the BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6


Disable Video Camera IT policy rule

Description
This rule specifies whether the video camera feature on a BlackBerry® device is turned on.

Default value
The default value is False. The video camera is available on the BlackBerry device.

Usage
Change this rule to True to turn off the video camera feature.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.3
• BlackBerry® Enterprise Server version 4.1 SP5

Certification Authority Profile policy group

The previous name of this policy group was Certificate Authority Profile policy group.

Allow Private Key Export IT policy rule

Description
This rule specifies whether to prevent a user from exporting private keys that are included in the certification authority profile. A user can export private keys using the BlackBerry® Desktop Manager to back up BlackBerry device data or to synchronize certificates.

Default value
The default value is False.

Usage
If you change this rule to True, a user can restore the private keys to the same BlackBerry device only, not to another BlackBerry device. A BlackBerry device encrypts the private key using a key that is specific to the BlackBerry device.

Dependencies
A BlackBerry device uses this rule only if the Disable Key Store Backup rule is configured to False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0

Certification Authority Host IT policy rule

Description
This rule specifies the name of the certification authority server that is required in the certification authority profile (for example, http://<server>.<domain>).

The previous name of this rule was Certificate Authority Host.

Default value
The default value is a null value.

Usage
Accepted values are uppercase and lowercase alphabetical characters, periods (.), forward slashes (/), and hyphens (-).

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0

Certificate Authority Port IT policy rule

Description
This rule specifies the port number that the BlackBerry® MDS Connection Service can use to connect to the certification authority. The permitted range is 0 through 65535.

The previous name of this rule was Certificate Authority Port.

Default value
The default value is 80 (port 80).

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0

Certification Authority Profile Name IT policy rule

Description
This rule specifies a name for the certification authority profile that a BlackBerry® device requires for certificate enrollment requests over a wireless network. The permitted range is 0 through 32 characters.

The previous name of this rule was Certificate Authority Profile Name.

Default value
The default value is a null value.

Usage
If you change this rule after the BlackBerry® Enterprise Server sends the certification authority profile to a BlackBerry device, and you resend the IT policy, the BlackBerry device restarts the certificate enrollment process.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 5.0
• BlackBerry Enterprise Server version 5.0

Certification Authority Profile Required IT policy rule

Description
This rule specifies whether the certificate enrollment process is required for a BlackBerry® device.

The previous name of this rule was Certificate Authority Profile Required.

Default value
The default value is True. The BlackBerry device enrolls the certificate without any user interaction after the BlackBerry® Enterprise Server pushes the IT policy to the BlackBerry device. The user cannot delete the certificate.

Usage
If you change this rule to False, the certification authority profile is optional, and the BlackBerry device starts the certificate enrollment process automatically after the BlackBerry Enterprise Server pushes the IT policy to the BlackBerry device.

The user can cancel the enrollment process when the BlackBerry device requests the user's credentials. If the user cancels the enrollment process, the BlackBerry device does not add the certificate to the key store.

The certification authority might still issue the certificate to the BlackBerry device, and the BlackBerry MDS Connection Service might still retrieve the certificate, but the BlackBerry device does not store the certificate in the key store.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry Enterprise Server version 5.0

Certification Authority Type IT policy rule

Description
This rule specifies the type of certification authority that the BlackBerry® MDS Connection Service can access in your organization's environment.

The previous name of this rule was Certificate Authority Type.

Default value
The default value is Microsoft® Enterprise.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0

Certificate Enrollment Delay IT policy rule

Description
This rule specifies the time (in hours) that a BlackBerry® device can wait before it initiates the certificate enrollment process. The BlackBerry device selects a time randomly within this specified time period to start the certificate enrollment process so that the BlackBerry® Enterprise Server does not receive many certificate enrollment requests at one time. The permitted range is 0 through 24 hours.

Default value
The default value is 1 hour.

Usage
If the initial certificate enrollment process does not complete, a BlackBerry device uses this rule to specify a retry time for the enrollment process.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry Enterprise Server version 5.0

Certificate Expiry Window IT policy rule

Description
This rule specifies the number of days before a certificate expires that a BlackBerry® device generates a new certificate enrollment request to replace the expiring certificate. The permitted range is 1 through 30 days.

Default value
The default value is 7 days.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0

Common Name Components IT policy rule

Description
This rule specifies the information that appears in the common name of the certificate that the certification authority issues to a user.

Default value
The default value is User Name and BlackBerry® Device PIN.

Usage
If you select the Local Email Address option, the certification authority adds the user name from the email address to the common name, but not the at sign (@) or domain information.

Dependency
If you change the Certification Authority Type rule to Microsoft® enterprise certification authority, and the Microsoft certification authority uses a template to build the subject name of the certificate from the Microsoft® Active Directory®, a BlackBerry device does not use this rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0

Custom Microsoft Certification Authority Certificate Template IT policy rule

Description
This rule specifies a custom certificate template for the Microsoft® enterprise certification authority.

The previous name of this rule was Custom Microsoft Certificate Authority Certificate Template.

Default value
The default value is a null value.

Usage
You must use the exact value that the administrator for the certification authority configures for the Microsoft enterprise certificate authority.

Dependencies
If you configure this rule, a BlackBerry® device does not use the Microsoft Certification Authority Certificate Template rule. A BlackBerry device uses this rule only if the Certification Authority Type rule is configured to Microsoft Enterprise.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0

Distinguished Name Components IT policy rule

Description
This rule specifies, in a comma delimited list, the components that must appear in the distinguished name of the certificate (for example, C=Country, O=Organization, OU=Organizational Unit).

Default value
The default value is a null value.

Usage
A BlackBerry® device accepts certificates only if the email address in the distinguished name of the certificate matches an email address on a BlackBerry device.

Supported values are the following: C=<Country>, L=<Locality>, O=<Organization>, OU=<Organizational_unit>, and ST=<State_or_Province>.

Dependencies
If you change the Certification Authority Type rule to Microsoft® Enterprise, and the Microsoft certification authority uses a template to build the subject name of the certificate from the Microsoft® Active Directory®, a BlackBerry device does not use this rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0

Key Algorithm IT policy rule

Description
This rule specifies the algorithm that a BlackBerry® device uses to generate a public-private key pair.

Default value
The default value is RSA® algorithm.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0

Key Length IT policy rule

Description
This rule specifies the key size (in bits) that a BlackBerry® device generates. The permitted range is 512 through 16,384 bits.

Default value
The default value is 1024 bits.

Usage
If you change the Key Algorithm rule to RSA®, you must configure the key size to be a multiple of 64.

If you change the Key Algorithm rule to DSA, you must configure the key size to be 512, 768, or 1024 bits.

If you configure an unsupported key size, a BlackBerry device chooses the next strongest key size and generates the key.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0

Microsoft Certification Authority Certificate Template IT policy rule

Description
This rule specifies the certificate template that the Microsoft® certification authority uses to create a certificate.

The previous name of this rule was Microsoft Certificate Authority Certificate Template.

Default value
The default value is User certificate template.

Dependencies
If you configure the Custom Microsoft Certification Authority Certificate Template rule, a BlackBerry® device does not use this rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0


RSA Certification Authority Certificate ID IT policy rule

Description
This rule specifies the MD5 certificate ID that is assigned to the RSA® certification authority.

The previous name of this rule was RSA Certificate Authority Certificate ID.

Default value
The default value is a null value.

Usage
You must map this value to the MD5 certificate ID (for example, 2094a3d152b66fb45ea69501970511f9) that the administrator of the RSA certification authority provides.

Dependencies
A BlackBerry® device uses this rule only if you change the Certification Authority Type IT policy rule to RSA.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0

RSA Jurisdiction ID IT policy rule

Description
This rule specifies the unique domain ID that you assign to the RSA® certification authority.

Default value
The default value is a null value.

Usage
This value maps to the jurisdiction ID (for example, 15c128ec4b2a798c09427072efeddb5d96aa4664) that the administrator of the RSA certification authority provides.

Dependencies
A BlackBerry® device uses this rule only if you configure the Certification Authority Type IT policy rule to RSA.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0
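The permitted ranges and rule dependencies stated for the Certification Authority Profile policy group can be checked before a policy is sent to devices. The following is an added example, not part of this guide or of the BlackBerry software; the dictionary layout and function names are assumptions, as is reading "next strongest key size" as the next larger supported size.

```python
# Added example: lint a Certification Authority Profile rule set against the
# ranges and dependencies given in the rule descriptions. Rule names are the
# guide's; the data layout and function names are assumptions.

RANGES = {
    "Certificate Authority Port": (0, 65535),
    "Certificate Enrollment Delay": (0, 24),   # hours
    "Certificate Expiry Window": (1, 30),      # days
    "Key Length": (512, 16384),                # bits
}
DSA_SIZES = (512, 768, 1024)
CUSTOM_TEMPLATE = "Custom Microsoft Certification Authority Certificate Template"
TEMPLATE = "Microsoft Certification Authority Certificate Template"
# Rule -> Certification Authority Type value that the rule depends on.
TYPE_BOUND = {
    CUSTOM_TEMPLATE: "Microsoft Enterprise",
    "RSA Certification Authority Certificate ID": "RSA",
    "RSA Jurisdiction ID": "RSA",
}


def effective_key_length(algorithm, bits):
    """Return the key size a device would generate, or None if undefined.

    Assumption: an unsupported size is replaced by the next larger supported one.
    """
    low, high = RANGES["Key Length"]
    if not low <= bits <= high:
        return None
    if algorithm == "RSA":
        return -(-bits // 64) * 64              # round up to a multiple of 64
    if algorithm == "DSA":
        return next((s for s in DSA_SIZES if s >= bits), None)
    return None                                 # algorithm not covered here


def lint(policy):
    """Return a list of findings for a dict of rule name -> configured value."""
    findings = []
    ca_type = policy.get("Certification Authority Type", "Microsoft Enterprise")

    for rule, (low, high) in RANGES.items():
        value = policy.get(rule)
        if value is not None and not low <= value <= high:
            findings.append(f"{rule}: {value} is outside the permitted range {low}-{high}")

    name = policy.get("Certification Authority Profile Name")
    if name is not None and len(name) > 32:
        findings.append("Certification Authority Profile Name: longer than 32 characters")

    algorithm = policy.get("Key Algorithm", "RSA")
    bits = policy.get("Key Length", 1024)
    low, high = RANGES["Key Length"]
    if low <= bits <= high:                     # out-of-range is reported above
        effective = effective_key_length(algorithm, bits)
        if effective is None:
            findings.append(f"Key Length: no supported size at or above {bits} for {algorithm}")
        elif effective != bits:
            findings.append(f"Key Length: {bits} is unsupported for {algorithm}; "
                            f"device would generate {effective}")

    for rule, needed in TYPE_BOUND.items():
        if policy.get(rule) and ca_type != needed:
            findings.append(f"{rule}: not used unless Certification Authority Type is {needed}")

    if policy.get(CUSTOM_TEMPLATE) and policy.get(TEMPLATE):
        findings.append(f"{TEMPLATE}: not used because the custom template rule is configured")

    if policy.get("Allow Private Key Export") and policy.get("Disable Key Store Backup"):
        findings.append("Allow Private Key Export: not used because "
                        "Disable Key Store Backup is True")
    return findings


# Constructed sample policy (values are illustrative, not from the guide).
SAMPLE = {
    "Certification Authority Type": "Microsoft Enterprise",
    "Certificate Authority Port": 443,
    "Certificate Expiry Window": 45,
    "Key Algorithm": "DSA",
    "Key Length": 600,
    "RSA Jurisdiction ID": "<jurisdiction-id>",
    "Allow Private Key Export": True,
    "Disable Key Store Backup": True,
}

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
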


Certificate Synchronization policy group

The rules in the Certificate Synchronization policy group apply to the certificate search and retrieval features of the S/MIME Support Package for BlackBerry® Smartphones.

Random Source URL IT policy rule

Description
This rule specifies a web address that produces random data (for example, a web site for a white noise machine). If the S/MIME Support Package for BlackBerry® Smartphones version 4.0 or later is installed on a BlackBerry device, the certificate synchronization tool of the BlackBerry® Desktop Manager can use the web address to retrieve random data to add to a BlackBerry device.

Default value
The default value is a null value.

Minimum requirements
• S/MIME Support Package for BlackBerry Smartphones version 4.0
• BlackBerry® Application Suite version 1.0
• BlackBerry® Desktop Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

User Can Disable Automatic RNG Initialization IT policy rule

Description
This rule specifies whether a user can stop the BlackBerry® Desktop Software from starting the random number generator on a BlackBerry device automatically.

Default setting
The default value is True.

Minimum requirements
• BlackBerry Desktop Software version 4.3
• BlackBerry® Enterprise Server version 4.1 SP5


Common policy group

BlackBerry Server version IT policy rule

Description
This rule specifies the BlackBerry® Enterprise Server version number that the BlackBerry Enterprise Server sends to a BlackBerry device.

Note: Where applicable, if you do not configure this rule, a BlackBerry device uses the settings that the application control policy rules specify, or the software configurations that the BlackBerry device configuration tool defines. If application control data does not exist, by default the BlackBerry device opens internal and external connections through the firewall.

Default value
The default value is a null value.

Usage
Configure this rule to 4.0 to support application control features.

This rule is obsolete in BlackBerry Enterprise Server version 4.1 and later.

Minimum requirements
• C++ based BlackBerry device that is running BlackBerry® Device Software version 2.7
• Java® based BlackBerry device that is running BlackBerry Device Software version 4.0
• BlackBerry® Connect™ version 4.0
• BlackBerry Enterprise Server version 4.0 and earlier

Confirm On Send IT policy rule

Description
This rule specifies whether users must confirm before they send an email message, PIN message, SMS text message, or MMS message.

Default value
The default value is a null value.

Usage
Use this rule to create a customized confirmation message.

Minimum requirements
• Java® based BlackBerry® device that is running BlackBerry® Device Software version 4.0
• C++ based BlackBerry device that is running BlackBerry Device Software version 2.7
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Enterprise Server version 4.0

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule only for Java based BlackBerry devices.

Disable Kodiak PTT IT policy rule

Description
This rule specifies whether a BlackBerry® device user can use Kodiak™ PTT on a supported BlackBerry device.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Disable MMS IT policy rule

Description
This rule specifies whether a BlackBerry® device user can send and receive MMS messages.

Default value
The default value is False.

Usage
Change this rule to True to prevent security risks that are associated with sending and receiving MMS messages. For more information, see the BlackBerry Enterprise Solution Security Technical Overview.

Dependencies
To block incoming MMS messages, in the Security policy group, configure the Firewall Block Incoming Messages IT policy rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 4.0.2
• BlackBerry® Enterprise Server version 4.0


Disable Voice-Activated Dialing IT policy rule

Description
This rule specifies whether voice dialing is available on a BlackBerry® device.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Disable Voice Note Recording IT policy rule

Description
This rule specifies whether the voice note recording feature on a BlackBerry® device is turned on.

Default value
The default value is False.

Usage
Change this rule to True to turn off the voice note recording feature and to prevent applications on a BlackBerry device from accessing this feature.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.3
• BlackBerry® Enterprise Server version 4.1 SP5

Enable Simultaneous Phone and Data IT policy rule

Description
This rule specifies whether a BlackBerry® device user can send and receive data during a phone call.

Default value
The default value is a null value.

Usage
Change this rule to 0 to prevent phone calls and data use from occurring at the same time on the BlackBerry device.

Change this rule to 1 to allow phone calls and data use to occur at the same time on the BlackBerry device.

Change this rule to 2 to allow data use during a phone call if the phone application runs in the background on the BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.6
• BlackBerry® Enterprise Server version 4.1 SP6

IT Policy Notification IT policy rule

Description
This rule specifies whether warnings about IT policy changes appear to a BlackBerry® device user.

Default value
The default value is False.

Minimum requirements
• C++ based BlackBerry device that is running BlackBerry® Device Software version 2.7
• Java® based BlackBerry device that is running BlackBerry Device Software version 4.0
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Enterprise Server version 4.0

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule only for Java based BlackBerry devices.

Lock Owner Info IT policy rule

Description
This rule specifies whether a user can change the owner information for a BlackBerry® device. You can lock the Information field, the Name field, or both fields.

Default value
The default value is a null value.

Usage
Configure this rule to Lock Information text that is defined using the Set Owner Info IT policy rule.

Configure this rule to Lock Name text that is defined using the Set Owner Name IT policy rule.

Configure this rule to Lock both Name and Information text that is defined using the Set Owner Info and Set Owner Name IT policy rules.

You can overwrite this information by sending the Set Owner Information IT administration command to a BlackBerry device.

Dependencies
The Lock Owner Info IT policy rule is related to the Set Owner Info and Set Owner Name IT policy rules.

Minimum requirements
• C++ based BlackBerry device that is running BlackBerry® Device Software version 2.7
• Java® based BlackBerry device that is running BlackBerry Device Software version 4.0
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Enterprise Server version 4.0

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule only for Java based BlackBerry devices.

Set Owner Info IT policy rule

Description
This rule specifies the owner information that appears on a BlackBerry® device.

Default value
The default value is a null value.

Usage
You can overwrite this information by sending the Set Owner Information IT administration command to a BlackBerry device.

Dependencies
The Set Owner Info IT policy rule is related to the Lock Owner Info IT policy rule.

Minimum requirements
• C++ based BlackBerry device that is running BlackBerry® Device Software version 2.7
• Java® based BlackBerry device that is running BlackBerry Device Software version 4.0
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Enterprise Server version 4.0

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule only for Java based BlackBerry devices.

Set Owner Name IT policy rule

Description
This rule specifies the owner name that appears on a BlackBerry® device.

Default value
The default value is a null value.

Usage
You can overwrite this information by sending the Set Owner Information IT administration command to a BlackBerry device.

Dependencies
The Set Owner Name IT policy rule is related to the Lock Owner Info IT policy rule.

Minimum requirements
• C++ based BlackBerry device that is running BlackBerry® Device Software version 2.7
• Java® based BlackBerry device that is running BlackBerry Device Software version 4.0
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Enterprise Server version 4.0

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule only for Java based BlackBerry devices.

Date and Time IT policy group

IT policy rules in the Date and Time IT policy group apply to the date and time on a BlackBerry® device, including the synchronization of time zone information.

Periodic Time Synchronization IT policy rule

Description
This rule specifies whether a BlackBerry® device can automatically synchronize its real-time clock with a time source on the wireless network.

Default value
The default value in the Advanced security and Advanced security (Disallow Application Downloads) IT policies is False. A BlackBerry device cannot synchronize its clock automatically.

The default value in all other preconfigured IT policies is True. A BlackBerry device can synchronize its clock automatically.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 4.1 SP7


Desktop policy group

Allow BlackBerry Desktop Software Statistics IT policy rule

Description
This rule specifies whether the BlackBerry® Desktop Software can send statistical information to Research In Motion when a BlackBerry device is connected to a computer.

Default value
The default value is True. The BlackBerry Desktop Software can send statistical information when a BlackBerry device is connected to a computer.

Minimum requirements
• BlackBerry Desktop Software version 5.0
• BlackBerry® Enterprise Server version 4.1 SP7

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Allow External Device Software Servers IT policy rule

Description
This rule specifies whether the BlackBerry® Device Software can receive updates from software servers that are hosted outside your organization.

Default value
The default value is False. The BlackBerry Device Software cannot receive updates from software servers that an external organization hosts.

Minimum requirements
• BlackBerry® Desktop Software version 4.7
• BlackBerry® Enterprise Server version 4.1 SP7

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Allow IP Modem application IT policy rule

Description
This rule specifies whether a BlackBerry® device user can use the integrated IP modem application in the BlackBerry® Desktop Manager.

Default value
The default value is True. A BlackBerry® device user can use the integrated IP modem application.

Usage
Change this rule to False to prevent a user from using the integrated IP modem application.

If you change this rule to False, the BlackBerry Desktop Manager does not display the integrated IP modem application.

Minimum requirements
• BlackBerry® Desktop Software version 5.0.1
• BlackBerry® Enterprise Server version 4.1 SP7

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Allow Personal Folder Reconciliation IT policy rule

Description
This rule specifies whether a BlackBerry® device can synchronize email messages in personal folders over a serial connection or USB connection.

Default value
The default value in the Default IT policy is True. A BlackBerry device can synchronize email messages in personal folders over a serial connection or USB connection.

The default value in all other preconfigured IT policies is False. A BlackBerry device cannot synchronize email messages in personal folders.

Minimum requirements
• BlackBerry® Desktop Software version 4.7
• BlackBerry® Enterprise Server version 4.1 SP7

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Desktop Allow Desktop Add-ins IT policy rule

Description
This rule specifies whether the BlackBerry® Desktop Software can run add-in applications, such as third-party COM-based extensions that access BlackBerry device databases during synchronization.

Default value
The default value is True.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry Desktop Software version 3.6
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange or BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Desktop Allow Device Switch IT policy rule

Description
This rule specifies whether BlackBerry® Desktop Software users or BlackBerry® Web Desktop Manager users can switch BlackBerry devices.

Default value
The default value is True.

Usage
Change this rule to False to prevent users from switching to an unapproved BlackBerry device.

The Enterprise Service Policy overrides this rule. For more information about using the Enterprise Service Policy, see the BlackBerry Enterprise Solution Security Technical Overview.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.

Desktop Password Cache Timeout IT policy rule

Description
This rule specifies the length of time (in minutes) that the BlackBerry® Desktop Software or BlackBerry® Web Desktop Manager caches the BlackBerry device password in memory. The permitted range is 0 through 720 minutes.

Default value
The default value is 10 minutes.

Usage
If you change this rule to 0, a BlackBerry device clears the password from memory when a user disconnects the BlackBerry device from a computer, regardless of the length of time that the BlackBerry device was connected.

Dependencies
A BlackBerry device uses this rule only if you configure the Password Required IT policy rule to True.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.

Disable Check For Updates IT policy rule

Description
This rule specifies whether the Check for updates link in the BlackBerry® Desktop Manager is available.

Default value
The default value is False.

Minimum requirements
• BlackBerry® Desktop Software version 4.5
• BlackBerry® Enterprise Server version 4.1 SP5

Disable Media Manager IT policy rule

Description
This rule specifies whether the media manager tool of the BlackBerry® Desktop Manager is available.

Default value
The default value is False.

Usage
Change this rule to True to prevent a user from accessing a media card using the media manager tool.

Minimum requirements
• BlackBerry® Connect™ version 4.0 (internal)
• BlackBerry® Desktop Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Disable Media Synchronization IT policy rule

Description
This rule specifies whether BlackBerry® Media Sync is available in the BlackBerry® Desktop Manager.

Default value
The default value is False.

Minimum requirements
• BlackBerry® Desktop Software version 4.6
• BlackBerry® Enterprise Server version 4.1 SP6

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Generate Encrypted Backup Files IT policy rule

Description
This rule specifies whether a BlackBerry® device creates encrypted backup files.

Default value
The default value is False. A BlackBerry device does not create encrypted backup files.

Minimum requirements
• BlackBerry® Desktop Software version 4.7.1
• BlackBerry® Enterprise Server version 4.1 SP7

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Override Check For Updates URL IT policy rule

Description
This rule specifies the destination web address for the Check for updates link in the BlackBerry® Desktop Manager.

Minimum requirements
• BlackBerry® Desktop Software version 4.5
• BlackBerry® Enterprise Server version 4.1 SP5

Device IOT Application policy group

Device Diagnostic App Disable IT policy rule

Description
This rule specifies whether to prevent a user from sending diagnostic reports from a BlackBerry® device.

Default value
The default value is False.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Set Diagnostic Report Email Address IT policy rule

Description
This rule specifies one or more email addresses that should receive diagnostic reports. Separate multiple email addresses with a comma (,).

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6
• BlackBerry® Application Suite version 1.0

Set Diagnostic Report PIN Address IT policy rule

Description
This rule specifies one or more PINs that should receive diagnostic reports. Separate multiple PINs with a comma (,).

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Documents To Go policy group

Disable Documents To Go IT policy rule

Description
This rule specifies whether a user can open files or attachments using the DataViz® Documents to Go® application on a BlackBerry® device.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.5 with the DataViz Documents to Go application installed
• BlackBerry® Enterprise Server version 4.1 SP5

Hide Documents To Go Communication Menus IT policy rule

Description
This rule specifies whether a user can register the Documents to Go® application with DataViz®, check for software updates from DataViz, and use the premium edition of the DataViz Documents to Go application on a BlackBerry® device.

Default value
The default value is False.

Dependencies
If you configure the Disable Documents To Go IT policy rule to True, the BlackBerry device ignores this rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.5 with the DataViz Documents to Go application installed
• BlackBerry® Enterprise Server version 4.1 SP5

Hide Documents To Go Premium Feature Menus IT policy rule

Description
This rule specifies whether to hide the premium features of the DataViz® Documents to Go® application that are not available on a BlackBerry® device that is running the standard edition of the Documents to Go application.

Default value
The default value is False.

Dependencies
If you configure the Disable Documents To Go IT policy rule to True, the BlackBerry device ignores this rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.5 with the DataViz Documents to Go application installed
• BlackBerry® Enterprise Server version 4.1 SP5

Email Messaging policy group

Allow Auto Attachment Download IT policy rule

Description
This rule specifies whether a BlackBerry® device automatically downloads supported attachments from email messages that it receives.

Default value
The default value is False.

Usage
If you change this rule to True, and the BlackBerry Attachment Service is connected to the BlackBerry® Enterprise Server using the BlackBerry Attachment Connector, a BlackBerry device downloads attachments automatically.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry Enterprise Server version 4.0 SP6

Attachment Viewing IT policy rule

Description
This rule specifies whether a BlackBerry® device user can view supported attachments in messages and calendar entries.

Default value
The default value is True.

Usage
A BlackBerry device can use this rule if the BlackBerry Attachment Service is connected to the BlackBerry® Enterprise Server using the BlackBerry Attachment Connector.

Changing this rule to False does not prevent a user from downloading or viewing native attachments on a BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 4.2 for messages and version 5.0 for calendar entries
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule in BlackBerry Device Software version 4.0 or later.

Confirm External Image Download IT policy rule

Description
This rule specifies whether a BlackBerry® device displays a confirmation dialog box when a BlackBerry device user clicks the Get Images link in an HTML-formatted email message.

Default value
The default value is False.

Usage
The message that the confirmation dialog box displays informs users that they might expose their email addresses if they download an image from the Internet. If you change this rule to True, BlackBerry device users must verify whether they want to download an image each time they click the Get Images link in an HTML-formatted email message.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0
• BlackBerry® Small Business Server version 4.1 SP6

Disable Form Submission IT policy rule

Description
This rule specifies whether a BlackBerry® device user can send email messages that include embedded forms.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.5
• BlackBerry® Enterprise Server version 4.1 SP5

Disable Manual Download of External Images IT policy rule

Description
This rule specifies whether a BlackBerry® device user can manually request to view URL-referenced content (such as pictures) that is embedded in email messages.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.5
• BlackBerry® Enterprise Server version 4.1 SP5

Disable Notes Native Encryption Forward And Reply IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device user from forwarding and replying to received IBM® Lotus® Domino® encrypted email messages from a BlackBerry device. By default, a BlackBerry device user with support for reading IBM Lotus Domino encrypted email messages on a BlackBerry device can forward or reply to encrypted email messages that were received, decrypted, and decompressed on the BlackBerry device. The BlackBerry Messaging Agent for IBM Lotus Domino decrypts email messages before a BlackBerry device sends email messages to the recipient as plain text.

For more information about reading IBM Lotus Domino encrypted email messages on a BlackBerry device, see the BlackBerry Enterprise Solution Security Technical Overview.

Default value
The default value is False.

Usage
If you change this rule to True, a BlackBerry device user cannot forward or reply to received IBM Lotus Domino encrypted email messages on the BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

Disable Rich Content Email IT policy rule

Description
This rule specifies whether a BlackBerry® device can receive email messages in rich text or HTML format.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.5
• BlackBerry® Enterprise Server version 4.1 SP5

Enable Wireless Message Reconciliation IT policy rule

Description
This rule specifies whether a BlackBerry® device supports wireless email reconciliation.

When a user moves or deletes email messages on a BlackBerry device or in the email application on a computer, or marks messages as opened or unopened, the BlackBerry Messaging Agent reconciles the changes over the wireless network.

Default value
The default value is True.

Usage
If you configure this rule to True, or if the rule is not part of the IT policy that you assigned to a user, by default, wireless email reconciliation is turned on for both the BlackBerry device and BlackBerry® Enterprise Server.

Minimum requirements
• C++ based BlackBerry device that is running BlackBerry® Device Software version 2.6
• Java® based BlackBerry device that is running BlackBerry Device Software version 3.6
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 1.2, 2.0, 2.1, or 4.0 (internal)
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.

Inline Content Requests IT policy rule

Description
This rule specifies whether a BlackBerry® device user can send messages with inline content and view inline content automatically in messages received on the BlackBerry device.

Default value
The default value is Automatic allowed.

Usage
If you change this rule to Manual only, a BlackBerry device user can continue to request inline content in messages manually.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.5
• BlackBerry® Enterprise Server version 4.1 SP5

Keep Message Duration IT policy rule

Description
This rule specifies the maximum time (in days) that a BlackBerry® device keeps messages. The permitted range is -1 through 180 days.

Default value
The default value is -1. A BlackBerry device keeps messages indefinitely.

Usage
Configure this rule to 0 or -1 to keep messages on a BlackBerry device indefinitely.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Keep Saved Message Duration IT policy rule

Description
This rule specifies the maximum time (in days) that a BlackBerry® device keeps saved messages. The permitted range is -1 through 180 days.

Default value
The default value is -1. A BlackBerry device keeps saved messages indefinitely.

Usage
Configure this rule to 0 or -1 to keep saved messages on a BlackBerry device indefinitely.

Configure this rule to -2 to delete saved messages and turn off the ability to save messages on a BlackBerry device that is running BlackBerry® Device Software version 4.5 or later.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Maximum Native Attachment MFH attachment size IT policy rule

Description
This rule specifies the maximum size (in bytes) of a standard attachment that can be uploaded from a BlackBerry® device. The permitted range is 0 through 3 MB.

Default value
The default value is 3 MB.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Maximum Native Attachment MFH total attachment size IT policy rule

Description
This rule specifies the total size (in bytes) of all standard attachments that can be uploaded from a BlackBerry® device. The permitted range is 0 through 5 MB.

Default value
The default value is 5 MB.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Maximum Native Attachment MTH attachment size IT policy rule

Description
This rule specifies the maximum size (in KB) of a single standard attachment that a user can download to a BlackBerry® device. The permitted range is 0 through 1,048,576 KB.

Default value
The default value is 10,240 KB.

Usage
Change this rule to 0 to turn off the ability to download standard attachments on a BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.5
• BlackBerry® Enterprise Server version 4.1 SP5

Notes Native Encryption Password Timeout IT policy rule

Description
This rule specifies the maximum length of time (in minutes) that a BlackBerry® device stores the IBM® Lotus Notes® .id password that a user types. The permitted range is -1 through 32,767.

Default value
The default value is -1, which indefinitely stores the password that the user types.

Usage
Change this rule to 0 to never store the password that a user types on a BlackBerry device. If you do this, you should also prevent the BlackBerry® Enterprise Server from storing a copy of the password by default.

For more information on changing the BlackBerry Enterprise Server default behavior, visit www.blackberry.com/support to read Prevent the BlackBerry Enterprise Server from storing the password for decrypting IBM Lotus Notes-encrypted messages.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.3
• BlackBerry Enterprise Server version 4.1 SP5

Prepend Disclaimer IT policy rule

Description
This rule specifies the disclaimer that appears at the beginning of all email messages that a user sends from a BlackBerry® device.

Default value
The default value is a null value.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.1.2
• BlackBerry® Enterprise Server version 4.0 SP5

Require Notes Native Encryption For Outgoing Messages IT policy rule

Description
This rule specifies whether a user can send messages using IBM® Lotus Notes® encryption.

Default value
The default value is False.

Usage
Change this rule to True to permit a user to send messages using IBM Lotus Notes encryption. If necessary, the BlackBerry® device prompts a user for the IBM Lotus Notes encryption passwords. A BlackBerry device does not perform IBM Lotus Notes encryption itself; it configures sent messages for IBM Lotus Notes encryption by the BlackBerry® Enterprise Server.

This rule does not affect messages sent from a BlackBerry device using email services that do not support IBM Lotus Notes encryption.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry Enterprise Server version 5.0

Enterprise Voice Client policy group

Disable DTMF Fallback IT policy rule

Description
This rule specifies whether a BlackBerry® device can use the DTMF call format for outgoing calls if the outgoing calls using a protocol format fail because of inadequate wireless coverage levels. The DTMF call format uses weaker authentication than the protocol call format.

Default value
The default value is False.

Usage
Change this rule to True to prevent outgoing calls if the protocol format cannot be used.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Enterprise Server version 4.1 SP4

Disable Enterprise Voice Client IT policy rule

Description
This rule specifies whether enterprise voice is available on a BlackBerry® device.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Enterprise Server version 4.1 SP4

Lock Outgoing Line IT policy rule

Description
This rule specifies whether to prevent using the enterprise voice number for outgoing calls.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Enterprise Server version 4.1 SP4

Reject Non-Enterprise Voice Calls IT policy rule

Description
This rule specifies whether the BlackBerry® device accepts incoming calls only if they are sent through the BlackBerry® Enterprise Server.

Default value
The default value is False.

Usage
This rule is obsolete in BlackBerry Enterprise Server versions 4.1 SP4 and later.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry Enterprise Server version 4.1 SP4

External Display policy group

Display Notification Details IT policy rule

Description
This rule specifies when notifications appear on the external display of BlackBerry® Pearl™ 8220 and BlackBerry® 8210 smartphones.

Default value
The default value in the Advanced security and Advanced security (disallow application downloads) IT policies is Only when unlocked.

The default value in all other preconfigured IT policies is Always.

Usage
Change this rule to Never to never display notification messages on the external display.

Minimum requirements
• Java® based BlackBerry Pearl 8220 device
• Java based BlackBerry 8210 device
• BlackBerry® Device Software version 4.6
• BlackBerry® Enterprise Server version 4.1 SP6

Include Message Text in Notification Details IT policy rule

Description
This rule specifies whether preview text for notifications appears on the external display of BlackBerry® Pearl™ 8220 and BlackBerry® 8210 smartphones.

Default value
The default value is False.

Dependencies
A BlackBerry device uses this rule only if the Display Notification Details IT policy rule is configured to Only when unlocked or Always.

Minimum requirements
• Java® based BlackBerry Pearl 8220 device
• Java based BlackBerry 8210 device
• BlackBerry® Device Software version 4.6
• BlackBerry® Enterprise Server version 4.1 SP6

Firewall policy group

Restrict Incoming Cellular Calls IT policy rule

Description
This rule specifies whether a BlackBerry® device firewall blocks calls that a user receives unless the calls use a fixed dialing pattern.

This rule does not affect emergency calls.

Default value
The default value is a null value.

Usage
Type one or more fixed dialing patterns (for example, specific dialing numbers, or a set of dialing numbers with the same prefix) separated by a semi-colon (;).

To receive calls from numbers that are preceded by 1 or +1 only, type +1...;1...

To deny receiving calls using a specific pattern, append r to that pattern. For example, type 011...r to deny receiving calls in the format 011xxxxxxxxxx.

To indicate that all other patterns are denied, type r in the pattern list. For example, to receive calls from the number 519-555-1234 only, type +15195551234;15195551234;5195551234;r.

Dependencies
BlackBerry device users must subscribe to caller ID to use this rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.3
• BlackBerry® Enterprise Server version 4.1 SP5

Restrict Outgoing Cellular Calls IT policy rule

Description
This rule specifies whether a BlackBerry® device firewall blocks calls that a user makes unless the calls use a fixed dialing pattern.

This rule does not affect emergency calls.

Default value
The default value is a null value.

Usage
Type one or more fixed dialing patterns (for example, specific dialing numbers, or a set of dialing numbers with the same prefix) separated by a semi-colon (;).

To make calls to numbers that are preceded by 1 or +1 only, type +1...;1...

To deny making calls using a specific pattern, append r to that pattern. For example, type 011...r to deny making calls in the format 011xxxxxxxxxx.

To indicate that all other patterns are denied, type r in the pattern list. For example, to make calls to the number 519-555-1234 only, type +15195551234;15195551234;5195551234;r.

Dependencies
A BlackBerry device user must subscribe to caller ID to use this rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.3
• BlackBerry® Enterprise Server version 4.1 SP5
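
The dialing-pattern syntax of the Restrict Incoming Cellular Calls and Restrict Outgoing Cellular Calls rules can be checked against sample numbers before a policy is assigned. The following Python checker is an added example, not part of this guide or of any BlackBerry software; its function names, the prefix reading of "...", the deny-before-allow order and the handling of numbers that match no entry are assumptions of the example.

```python
import re

# Added example: evaluates a Restrict Incoming/Outgoing Cellular Calls pattern
# list against sample numbers. Assumptions (not stated in the guide):
#   * a trailing "..." makes the entry a prefix match; otherwise it is exact
#   * a matching deny entry (suffix "r") wins over a matching allow entry
#   * a number that matches nothing is blocked when the list contains a bare
#     "r" or at least one allow entry, and permitted otherwise
# Emergency calls, which the rules do not affect, are not modelled here.

_ENTRY = re.compile(r"^(\+?\d+)(\.\.\.)?(r)?$")


def parse_patterns(rule_value):
    """Split a rule value into ([(digits, is_prefix, is_deny), ...], deny_rest)."""
    entries, deny_rest = [], False
    if rule_value is None or not rule_value.strip():
        return entries, deny_rest          # null value: nothing configured
    for raw in rule_value.split(";"):
        item = raw.strip()
        if item == "r":                    # bare r: all other patterns denied
            deny_rest = True
            continue
        match = _ENTRY.match(item)
        if match is None:
            raise ValueError(f"unrecognised dialing pattern: {raw!r}")
        digits, dots, deny = match.groups()
        entries.append((digits, dots is not None, deny is not None))
    return entries, deny_rest


def normalize(number):
    """Drop spaces, hyphens, dots and parentheses; keep a leading +."""
    return re.sub(r"[\s\-().]", "", number)


def _matches(entry, number):
    digits, is_prefix, _ = entry
    return number.startswith(digits) if is_prefix else number == digits


def call_permitted(rule_value, number):
    """Return True if the pattern list lets a call with this number through."""
    entries, deny_rest = parse_patterns(rule_value)
    if not entries and not deny_rest:
        return True                        # no restriction configured
    number = normalize(number)
    if any(e[2] and _matches(e, number) for e in entries):
        return False                       # explicit deny entry matched
    if any(not e[2] and _matches(e, number) for e in entries):
        return True                        # explicit allow entry matched
    has_allow = any(not e[2] for e in entries)
    return not (deny_rest or has_allow)    # assumed default for unmatched numbers


def audit(rule_value, sample_numbers):
    """Map each sample number to 'permit' or 'block' for review before rollout."""
    return {n: ("permit" if call_permitted(rule_value, n) else "block")
            for n in sample_numbers}


if __name__ == "__main__":
    # Pattern lists taken from the guide; the sample numbers are constructed.
    single = "+15195551234;15195551234;5195551234;r"
    samples = ["519-555-1234", "+1 519 555 1234", "519-555-0000", "0114420755501"]
    for rule in (single, "+1...;1...", "011...r"):
        print(rule, audit(rule, samples))
```

A malformed entry (for example two dots instead of three) raises ValueError, which catches typing mistakes before the value reaches a device.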

Instant Messaging policy group

Disable Address Book Lookup for Enterprise Messenger IT policy rule

Description
This rule specifies whether a BlackBerry® device user can add a contact to a BlackBerry device by searching the contact list when the user uses a collaboration client (such as the BlackBerry® Client for use with Microsoft® Office Communications Server 2007).

Default value
The default value is False.

Usage
The contact list search can return an email address that a user cannot use to add a contact because the search does not return the correct SIP address.

Change this rule to True to permit contact list searches.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.1 SP6

Disable Emailing Conversation IT policy rule

Description
This rule specifies whether a user can send an instant messaging conversation in an email message from a BlackBerry® device.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.1
• BlackBerry® Enterprise Server version 4.1 SP6

Disable Saving Conversation IT policy rule

Description
This rule specifies whether a user can save an instant messaging conversation to a BlackBerry® device or a media card.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.1 SP6

Disallow File Transfer Types IT policy rule

Description
This rule specifies the types of files that a BlackBerry® device user cannot send using an instant messaging application on a BlackBerry device.

Default value
The default value is a null value. The user can send all file types.

Usage
Specify the extensions of the disallowed file types in a comma-delimited format (for example, bat, exe, mp3) to prevent a user from sending specific file types.

Configure this rule to "*" to prevent a user from sending any file type.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.1 SP6

Location Based Services policy group

Allow Geolocation Service IT policy rule

Description
This rule specifies whether a BlackBerry® device can use the geolocation service to identify the geographic location of a BlackBerry device user.

Default value
The default value is True.

Usage
Change this rule to False to turn off the geolocation service for a BlackBerry device.

Dependencies
This service is available only on BlackBerry devices that have internal GPS capability.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0
• BlackBerry® Small Business Server version 4.1 SP6

Disable BlackBerry Maps IT policy rule

Description
This rule specifies whether the BlackBerry® Maps feature is turned on.

Default value
The default value is False.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry® Enterprise Server version 4.0 SP6

Enable Enterprise Location Tracking IT policy rule

Description
This rule specifies whether a BlackBerry® device can use the GPS feature to report its location to the BlackBerry® Small Business Server regularly. A BlackBerry device user must click Yes when prompted to permit location tracking on a BlackBerry device.

Default value
The default value is False. The default interval is 15 minutes.

Usage
Change this rule to True to permit a BlackBerry device user to require that a BlackBerry device report its location to the BlackBerry Small Business Server at regular intervals. You can use the Enterprise Location Tracking Interval IT policy rule to change the interval.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.2
• BlackBerry Enterprise Server version 4.1 SP3

Enterprise Location Tracking Interval IT policy rule

Description
This rule specifies the length of time (in minutes) between location reports sent by a BlackBerry® device to the BlackBerry® Small Business Server. The permitted range is 15 through 60 minutes.

Default value
The default value is 15 minutes.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.2
• BlackBerry Enterprise Server version 4.1 SP3

Enterprise Location Tracking User Prompt Message IT policy rule

Description
This rule specifies the message that a BlackBerry® device displays to notify a user that the BlackBerry® Small Business Server is tracking the location of the BlackBerry device.

Default value
The default value is "Your location is now being tracked at the server."

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.2
• BlackBerry Enterprise Server version 4.1 SP3

MDS Integration Service policy group

Allow Access to Multiple Domains IT policy rule

Description
This rule specifies whether to permit users to install a BlackBerry® MDS Runtime Application that uses multiple web services on a BlackBerry device.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.5
• BlackBerry® Enterprise Server version 5.0
• BlackBerry® Application Suite version 1.0

Allow Discovery By User IT policy rule

Description
This rule specifies whether to prevent a user from searching for and installing BlackBerry® MDS Runtime Applications on a BlackBerry device.

Default value
The default value is True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.5
• BlackBerry® Enterprise Server version 5.0
• BlackBerry® Application Suite version 1.0

Disable Activation With Public BlackBerry MDS Integration Service IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device user from initiating a connection with the public BlackBerry MDS Integration Service.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.1 SP2

Disable MDS Runtime IT policy rule

Description
This rule specifies whether the BlackBerry® MDS Runtime is available on a BlackBerry device.

Default value
The default value is False.

Usage
Change this rule to True to prevent a user from activating the BlackBerry MDS Runtime.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP6

Disable User-Initiated Activation With Public BlackBerry MDS Integration Service IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device user from initiating a connection with the BlackBerry MDS Integration Service.

Default value
The default value is False.

Usage
Change this rule to True to prevent a user from initiating the BlackBerry MDS Integration Service connection.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Enable Access to Device Data for MDS Runtime 4.3.0 and earlier IT policy rule

Description
This rule specifies whether BlackBerry® MDS Runtime version 4.3.0 and earlier can access the organizer data, interprocess communication, and phone on a BlackBerry device.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.1.0
• BlackBerry® Enterprise Server version 5.0

Lowest BlackBerry MDS Integration Service Security Version Allowed IT policy rule

Description
This rule specifies the lowest security version permitted for the BlackBerry® MDS Integration Service.

Default value
The default value is 1.

Usage
Change this rule to 1 to permit a BlackBerry device that is running BlackBerry MDS Runtime version 1.1 or later to communicate with all versions of the BlackBerry MDS Integration Service.

Change this rule to 2 to permit a BlackBerry device that is running BlackBerry MDS Runtime version 1.1 or later to communicate with BlackBerry MDS Integration Service version 4.1 SP2 or later only.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Queue Limit for Inbound Application Messages IT policy rule

Description
This rule specifies the maximum number of incoming messages from BlackBerry® MDS Runtime that can be queued locally on a BlackBerry device. The permitted range is 0 through 1000 messages.

Default value
The default value is 8 messages.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.5
• BlackBerry® Enterprise Server version 5.0

Queue Limit for Outbound Application Messages IT policy rule

Description
This rule specifies the number of outgoing messages from BlackBerry® MDS Runtime that can be queued locally on a BlackBerry device. The permitted range is 0 through 1000 messages.

Default value
The default value is 16 messages.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.5
• BlackBerry® Enterprise Server version 5.0

Verify BlackBerry MDS Integration Service Certificate IT policy rule

Description
This rule specifies whether the BlackBerry® MDS Runtime verifies the BlackBerry MDS Integration Service certificate.

Default value
The default value is False. The BlackBerry MDS Integration Service permits unauthenticated connections from a BlackBerry device that is running BlackBerry MDS Runtime version 1.1 or later.

Usage
If you change this rule to True, the BlackBerry MDS Integration Service does not permit unauthenticated connections from a BlackBerry device that is running BlackBerry MDS Runtime version 1.1 or later.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Memory Cleaner policy group

For more information about cleaning the BlackBerry® device memory, see the BlackBerry Enterprise Solution Security Technical Overview.

Force Memory Clean When Closed IT policy rule

Description
This rule specifies whether BlackBerry® Pearl™ 8220 and BlackBerry® 8210 smartphones run the memory cleaner application when the flip is closed.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry Pearl 8220 device
• Java based BlackBerry 8210 device
• BlackBerry® Device Software version 4.6
• BlackBerry® Enterprise Server version 4.1 SP6
• BlackBerry® Application Suite version 1.0

Force Memory Clean When Holstered IT policy rule

Description
This rule specifies whether a BlackBerry® device cleans its memory while in the BlackBerry device holster.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• S/MIME Support Package for BlackBerry® smartphones version 1.5
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 4.0 SP3

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Force Memory Clean When Idle IT policy rule

Description
This rule specifies whether a BlackBerry® device cleans its memory during periods of user inactivity.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• S/MIME Support Package for BlackBerry® smartphones version 1.5
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 4.0 SP3

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Memory Cleaner Maximum Idle Time IT policy rule

Description
This rule specifies the maximum time (in minutes) that a BlackBerry® device can be inactive before the BlackBerry device cleans its memory. The permitted range is 1 through 60 minutes.

Default value
The default value is 60 minutes.

Dependencies
A BlackBerry device uses this rule only if you configure the Force Memory Clean When Idle IT policy rule to True.

Minimum requirements
• Java® based BlackBerry device
• S/MIME Support Package for BlackBerry® smartphones version 1.5
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 4.0 SP3

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Chalk Pushcast Software policy group

Allow Launch of Chalk Pushcast Software IT policy rule

Description
This rule specifies whether a BlackBerry® device user can open the Chalk™ Pushcast™ Player application on a BlackBerry device.

Default value
The default value is True.

Usage
Change this rule to False to prevent the BlackBerry device user from opening the Chalk Pushcast Player application.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Enterprise Server version 4.1 SP7

On-Device Help policy group

On-Device Help Group Label IT policy rule

Description
This rule specifies a label to use for multiple links in the help on a BlackBerry® device.

Default value
The default value is a null value.

Dependencies
Configure a group label if you specify multiple links using the On-Device Help Links IT policy rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.1
• BlackBerry® Enterprise Server version 4.0 SP3

On-Device Help Links IT policy rule

Description
This rule specifies links to add to the index page of the help on a BlackBerry® device.

Default value
The default value is a null value.

Usage
Specify links using the following format: <uri1|label1|>...<|urix|labelx> .

Dependencies
If you specify multiple links, you should also configure a label in the On-Device Help Group Label IT policy rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.1
• BlackBerry® Enterprise Server version 4.0 SP3

Password policy group

A BlackBerry® device uses the IT policy rules in the Password policy group only if, in the Device Only items, you configure the Password Required IT policy rule to True. For more information about using passwords on BlackBerry devices, see the BlackBerry Enterprise Solution Security Technical Overview.

Duress Notification Address IT policy rule

Description
This rule specifies the email address that is notified when users type their BlackBerry® device passwords under duress. Users can indicate that they are unlocking their devices against their will by moving the first character of the password to the end. For example, if a BlackBerry device password is blackberry, the duress password is lackberryb.

If you configure this rule, the maximum number of password attempts is reduced by half. Each time a user types a password to unlock a BlackBerry device, the BlackBerry device must verify whether the password is either the correct password or the duress password.

Default value
The default value is a null value.

Usage
Configure this rule to permit a user to notify you that a BlackBerry device might have been stolen. Instruct users how to use the duress password feature.

To prevent an unlocked BlackBerry device that was stolen from receiving a response to the duress notification, the email address that you specify should be active and you should not configure an out-of-office reply for it.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0
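The duress check described in this rule, as an added example that is not BlackBerry code. The class and method names, the salted-hash storage, and the use of floor division for "reduced by half" are assumptions; the wipe at the attempt limit follows the Set Maximum Password Attempts IT policy rule.

```python
import hashlib
import hmac
import os


def duress_form(password: str) -> str:
    """Move the first character of the password to the end."""
    return password[1:] + password[:1]


def _digest(secret: str, salt: bytes) -> bytes:
    # Assumption: passwords are stored as salted PBKDF2 digests, not plaintext.
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, 10_000)


class LockScreen:
    """Hypothetical model of a locked device with a duress address configured."""

    def __init__(self, password, max_attempts=10, duress_address=None):
        self.salt = os.urandom(16)
        self.password_digest = _digest(password, self.salt)
        self.duress_address = duress_address
        self.duress_digest = None
        # A password that equals its own rotation (for example "aaaa") cannot
        # signal duress, because both forms are the same string.
        if duress_address and duress_form(password) != password:
            self.duress_digest = _digest(duress_form(password), self.salt)
        # Configuring the rule halves the attempt budget (floor division assumed).
        self.limit = max_attempts // 2 if duress_address else max_attempts
        self.failed = 0
        self.wiped = False
        self.notifications = []

    def unlock(self, typed: str) -> str:
        if self.wiped:
            return "wiped"
        digest = _digest(typed, self.salt)
        # Every attempt is checked against both forms, in constant time.
        is_password = hmac.compare_digest(digest, self.password_digest)
        is_duress = (self.duress_digest is not None
                     and hmac.compare_digest(digest, self.duress_digest))
        if is_password or is_duress:
            self.failed = 0
            if is_duress:
                # The device unlocks normally; only the mailbox learns of duress.
                self.notifications.append(self.duress_address)
            return "unlocked"
        self.failed += 1
        if self.failed >= self.limit:
            self.wiped = True
            return "wiped"
        return "rejected"


if __name__ == "__main__":
    # Constructed sample values.
    screen = LockScreen("blackberry", max_attempts=10,
                        duress_address="duress-alerts@example.com")
    print(screen.limit, screen.unlock("lackberryb"), screen.notifications)
```
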

Forbidden Passwords IT policy rule

Description
This rule specifies the passwords that a BlackBerry® device user cannot use. Separate multiple passwords with a comma (,).

Default value
The default value is a null value.

Usage
By default, a BlackBerry device prevents a user from configuring passwords that use a natural sequence of characters or numbers. If a user inserts a symbol into a natural sequence, a BlackBerry device can use the password.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.1
• BlackBerry® Enterprise Server version 4.0 SP2

Maximum Password History IT policy rule

Description
This rule specifies the maximum number of previous passwords that a BlackBerry® device checks new passwords against to prevent a user from reusing previous passwords.

Default values
The default value in the Advanced security and Advanced security (disallow application downloads) IT policies is 10.

The default value in all other preconfigured IT policies is 0. Password checking is turned off.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 1.2, 2.0, 2.1, or 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Periodic Challenge Time IT policy rule

Description
This rule specifies the security timeout interval (in minutes) after which a BlackBerry® device locks and prompts a user to type a password, regardless of whether the BlackBerry device was active during that interval.

Default value
If you change the Enable Long-Term Timeout IT policy rule to True, by default the security timeout interval is turned on and set to 60 minutes.

Usage
Type a periodic challenge time to shorten or extend the security timeout interval to a value that is within the range of 1 to 1440 minutes.

Dependencies
A BlackBerry device uses this rule only if a password is configured on the BlackBerry device. To require that a user configure a password, configure the Password Required IT policy rule to True. You can also change the User Can Change Timeout IT policy rule to False so that a user cannot change the timeout settings on a BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Set Maximum Password Attempts IT policy rule

Description
This rule specifies the number of password attempts that a user can make before a BlackBerry® device permanently deletes all of the application data. The permitted range is 3 through 10 attempts.

Default value
The minimum number of password attempts is 3.

Usage
The maximum number of password attempts is 10. Use this rule to lower the number of password attempts.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 1.2, 2.0, 2.1, or 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 4.0

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule in BlackBerry Device Software versions 4.0 and later.

Set Password Timeout IT policy rule

Description
This rule specifies the number of minutes of inactivity before the security timeout occurs and a BlackBerry® device user must type the password to unlock the BlackBerry device.

Default value
For BlackBerry® Device Software versions earlier than version 4.7, the default value is 2 minutes.

For BlackBerry Device Software version 4.7 and later, the default value is 30 minutes.

Usage
Use this rule to change the default security timeout interval.

Dependencies
A BlackBerry device uses this rule only if you change the Password Required IT policy rule to True.

If you do not change the User Can Change Timeout IT policy rule to False, the user can change the security timeout to any value.

By default, the maximum security timeout interval is 60 minutes.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 1.2, 2.0, 2.1, or 4.0
• BlackBerry Device Software version 3.6
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Suppress Password Echo IT policy rule

Description
This rule specifies whether, after a given number of incorrect password attempts, the characters that a user types in the Password dialog box appear on the screen.

Default value
The default value is True.

Dependencies
The BlackBerry® device uses this rule only if a password is set on the BlackBerry device. To require a password, set the Password Required rule to True.

To specify the number of incorrect password attempts that the BlackBerry device permits before the typed characters appear on the screen, configure the Set Maximum Password Attempts rule.

If you configure the FIPS Level IT policy rule to 2, by default, the characters that a user types do not appear on the screen.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 1.2, 2.0, 2.1, or 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 3.5 for Microsoft® Exchange, BlackBerry® Enterprise Server version 4.0 for IBM® Lotus® Domino®, or BlackBerry® Enterprise Server version 4.0 for Novell® GroupWise®

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

PIM Synchronization policy group

Disable Address Wireless Synchronization IT policy rule

Description
This rule specifies whether wireless data synchronization for the address book on a BlackBerry® device is turned off.

Default value
The default value is False.

Minimum requirements
• C++ based BlackBerry device that is running BlackBerry® Device Software version 2.7
• Java® based BlackBerry device that is running BlackBerry Device Software version 4.0
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0 (internal)
• BlackBerry® Enterprise Server version 4.0

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule only for Java based BlackBerry devices.

Disable All Wireless Synchronization IT policy rule

Description
This rule specifies whether wireless data synchronization is turned off.

Default value
The default value is False.

Usage
Change this rule to True to turn off all wireless data synchronization, except wireless email reconciliation. Changing the rule prevents the following actions:
• wireless synchronization of contact entries, calendar entries, email message filters, tasks, and memos
• wireless synchronization of all logging information
• wireless backup of data, including device configuration data
• wireless bulk loads
• activation of BlackBerry® devices over the wireless network

When you change this rule, wireless synchronization of all logging on the BlackBerry device, including phone call logs, PIN message logs, and SMS message logs, is turned off, and log information is not available for compliance purposes.

The BlackBerry device does not report its IT policy time, model name, BlackBerry® Device Software version, phone number, or SIM information to the BlackBerry® Enterprise Server, although you can verify this information on the BlackBerry device.

If you apply this rule, the user account name no longer appears in the SyncDeviceMgmtSummary table in the BlackBerry Configuration Database.

Minimum requirements
• C++ based BlackBerry device that is running BlackBerry Device Software version 2.7
• Java® based BlackBerry device that is running BlackBerry Device Software version 4.0
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0 (internal)
• BlackBerry Enterprise Server version 4.0

Disable Calendar Wireless Synchronization IT policy rule

Description
This rule specifies whether wireless data synchronization for the calendar is turned off.

Default value
The default value is False.

Minimum requirements
• C++ based BlackBerry device that is running BlackBerry Device Software version 2.7
• Java® based BlackBerry® device that is running BlackBerry® Device Software version 4.0
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0 (internal)
• BlackBerry® Enterprise Server version 4.0

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule only for Java based BlackBerry devices.

Disable Enterprise Activation Progress IT policy rule

Description
This rule specifies whether the Home screen displays enterprise activation progress.

Default value
The default value is True. Activation progress does not appear on the Home screen.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Disable Memopad Wireless Sync IT policy rule

Description
This rule specifies whether wireless data synchronization for memos is turned off.

Default value
The default value is False.

Minimum requirements
• C++ based BlackBerry® device that is running BlackBerry® Device Software version 2.7
• Java® based BlackBerry device that is running BlackBerry Device Software version 4.0
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0 (internal)
• BlackBerry® Enterprise Server version 4.0

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule only for Java based BlackBerry devices.

Disable Phone Call Log Wireless Synchronization IT policy rule

Description
This rule specifies whether wireless data synchronization for call logs is turned off.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.1
• BlackBerry® Enterprise Server version 4.0 SP6

Disable PIN Messages Wireless Synchronization IT policy rule

Description
This rule specifies whether wireless data synchronization for PIN messages is turned off.

Default value
The default value is True.

Usage
If you change this rule to False, the BlackBerry® Enterprise Server logs all PIN messages in unencrypted format to the log file that you specify. Make sure that the log file is in a location that restricts internal and external user access.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.1
• BlackBerry Enterprise Server version 4.0 SP6

Disable SMS Messages Wireless Sync IT policy rule

Description
This rule specifies whether wireless data synchronization for SMS text messages is turned off.

Default value
The default value is True.

Usage
If you change this rule to False, the BlackBerry® Enterprise Server logs all SMS text messages in unencrypted format to the log file that you specify. Make sure that the log file is in a location that restricts internal and external user access.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.1
• BlackBerry Enterprise Server version 4.0 SP6

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule in BlackBerry Device Software version 4.0 or later.

Disable Task Wireless Sync IT policy rule

Description
This rule specifies whether wireless data synchronization for tasks is turned off.

Default value
The default value is False.

Minimum requirements
• C++ based BlackBerry® device that is running BlackBerry® Device Software version 2.7
• Java® based BlackBerry device that is running BlackBerry Device Software version 4.0
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0 (internal)
• BlackBerry® Enterprise Server version 4.0

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this IT policy rule only for Java based BlackBerry devices.

Disable Wireless Bulk Loads IT policy rule

Description
This rule specifies whether wireless data synchronization, during activation or as part of a backup and restore operation, is turned off.

Default value
The default value is False.

Usage
Change this rule to True to minimize wireless data transfers when activating or updating a BlackBerry® device. A BlackBerry device must be physically connected to a computer before the data transfer starts.

If a BlackBerry device is disconnected from the computer during the initial data transfer, the BlackBerry® Desktop Software sends the remaining data over the wireless network.

Minimum requirements
• C++ based BlackBerry device that is running BlackBerry® Device Software version 2.7
• Java® based BlackBerry device that is running BlackBerry Device Software version 4.0
• BlackBerry® Connect™ version 4.0 (internal)
• BlackBerry® Enterprise Server version 4.0

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.

PGP Application policy group

The IT policy rules in the PGP® Application policy group apply to BlackBerry® devices running the PGP® Support Package for BlackBerry smartphones. For more information about using the PGP Support Package for BlackBerry smartphones, see the PGP Support Package for BlackBerry Devices Security Technical Overview.

PGP Allowed Content Ciphers IT policy rule

Description
This rule specifies the encryption algorithms that a BlackBerry® device can use to encrypt PGP® protected messages.

Default value
The default value is to use all supported algorithms.

Usage
Specify the content ciphers that a BlackBerry device can use to encrypt PGP messages from the following list:

• AES (256-bit)
• AES (192-bit)
• AES (128-bit)
• CAST (128-bit)
• Triple DES

To maintain compatibility with most PGP clients, use Triple DES encryption and CAST. By default, a BlackBerry device is designed to encrypt email messages using Triple DES encryption if it does not know the decryption capabilities available to a recipient.

Dependencies
If you configure the FIPS Level IT policy rule to 2, a BlackBerry device uses AES (256-bit), AES (192-bit), AES (128-bit), and Triple DES encryption.

Minimum requirements
• Java® based BlackBerry device
• PGP® Support Package for BlackBerry® smartphones version 4.1
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.1
• BlackBerry® Enterprise Server version 4.0 SP2

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

PGP Allowed Encrypted Attachment Mode

Description
This rule specifies the mode for retrieving PGP® protected attachment information on a BlackBerry® device.

Default value
The default value is Automatic. A BlackBerry device requests decrypted attachment information from the BlackBerry® Enterprise Server automatically when users open PGP protected messages that contain attachments.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.5
• BlackBerry Enterprise Server version 4.1 SP5

PGP Allowed Encryption Types IT policy rule

Description
This rule specifies the types of encryption that a BlackBerry® device can use with PGP® protected messaging.

Default value
The default value is Both. The BlackBerry device uses PGP based encryption and conventional encryption.

Minimum requirements
• Java® based BlackBerry device
• PGP® Support Package for BlackBerry® smartphones version 4.0
• BlackBerry® Device Software version 4.6
• BlackBerry® Enterprise Server version 4.1 SP6

PGP Blind Copy Address IT policy rule

Description
This rule specifies an email address that is added as a BCC recipient to all encrypted PGP® messages that a BlackBerry® device sends.

Default value
The default value is a null value.

Minimum requirements
• Java® based BlackBerry device
• PGP® Support Package for BlackBerry® smartphones version 4.1
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.1
• BlackBerry® Enterprise Server version 4.0 SP2

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

PGP Force Digital Signature IT policy rule

Description
This rule specifies whether a BlackBerry® device digitally signs all PGP® protected messages that it sends.

Default value
The default value is False.

Usage
If you apply this rule, you might override secure email policy settings on the PGP Universal Server.

Minimum requirements
• Java® based BlackBerry device
• PGP® Support Package for BlackBerry® smartphones version 4.1
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.1
• BlackBerry® Enterprise Server version 4.0 SP2

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

PGP Force Encrypted Messages IT policy rule

Description
This rule specifies whether a BlackBerry® device encrypts all PGP® protected messages that it sends.

Default value
The default value is False.

Usage
If you apply this rule, you might override secure email policy settings on the PGP Universal Server.

Minimum requirements
• Java® based BlackBerry device
• PGP® Support Package for BlackBerry® smartphones version 4.1
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.1
• BlackBerry® Enterprise Server version 4.0 SP2

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

PGP Minimum Strong DH Key Length IT policy rule

Description
This rule specifies the minimum Diffie-Hellman key size (in bits) to use with PGP® protected messages. The permitted range is 512 through 4096 bits.

Default value
The default value is 1024 bits.

Dependencies
Configure the Disable Weak Certificate Use IT policy rule to True to prevent a user from sending email messages using certificates that have corresponding weak public keys.

Minimum requirements
• Java® based BlackBerry® device
• PGP® Support Package for BlackBerry® smartphones version 4.1
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.1
• BlackBerry® Enterprise Server version 4.0 SP2

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

PGP Minimum Strong DSA Key Length IT policy rule

Description
This rule specifies the minimum DSA key size (in bits) to use with PGP® protected messages. The permitted range is 512 through 1024 bits.

Default value
The default value is 1024 bits.

Dependencies
Configure the Disable Weak Certificate Use IT policy rule to True to prevent a user from sending email messages using certificates that have corresponding weak public keys.

Minimum requirements
• Java® based BlackBerry® device
• PGP® Support Package for BlackBerry® smartphones version 4.1
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.1
• BlackBerry® Enterprise Server version 4.0 SP2

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

PGP Minimum Strong RSA Key Length IT policy rule

Description
This rule specifies the minimum RSA® key size (in bits) to use with PGP® protected messages. The permitted range is 512 through 4096 bits.

Default value
The default value is 1024 bits.

Dependencies
Configure the Disable Weak Certificate Use IT policy rule to True to prevent users from sending email messages using certificates that have corresponding weak public keys.

Minimum requirements
• Java® based BlackBerry® device
• PGP® Support Package for BlackBerry® smartphones version 4.1
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.1
• BlackBerry® Enterprise Server version 4.0 SP2

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

PGP Universal Enrollment Method IT policy rule

Description
This rule specifies the method that users must use to enroll with the PGP® Universal Server from a BlackBerry® device.

Default value
The default value is Email-based enrolment. Users are prompted to type their email address.

Usage
Change this rule to Domain username/password enrolment to prompt users to type their user name and password.

Users must submit their enrollment information before sending and receiving PGP protected messages on a BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• PGP® Support Package for BlackBerry® smartphones version 4.1
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.1
• BlackBerry® Enterprise Server version 4.0 SP2

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

PGP Universal Policy Cache Timeout IT policy rule

Description
This rule specifies the length of time (in hours) that a BlackBerry® device caches the PGP® Universal Server address. The permitted range is 4 through 48 hours.

Default value
The default value is 24 hours.

Minimum requirements
• Java® based BlackBerry device
• PGP® Support Package for BlackBerry® smartphones version 4.1
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.1
• BlackBerry® Enterprise Server version 4.0 SP2

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

PGP Universal Server Address IT policy rule

Description
This rule specifies the address of your organization's PGP® Universal Server. The PGP Universal Server applies secure email policies that the PGP Universal Server administrator configures.

Default value
The default value is a null value.

Usage
Configure this rule to require the user to register with the PGP Universal Server. When registered, a BlackBerry® device with the PGP Support Package for BlackBerry® smartphones enforces compliance with the secure email policies for all email messages.

Dependencies
If you configure this rule, a user must install the PGP Support Package for BlackBerry smartphones on the BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• PGP® Support Package for BlackBerry® smartphones version 4.1
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.1


• BlackBerry® Enterprise Server version 4.0 SP2

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

RIM Value-Added Applications policy group

Allow Edits to BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule

Description
This rule specifies whether a user can change the URL for the BlackBerry® Social Networking Application Proxy for IBM® Lotus® Quickr™ on a BlackBerry device.

Default value
The default value is True. A BlackBerry device user can change the URL that you specify in the BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule.

Usage
If you change this rule to False, a user cannot change the URL that you specify in the BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule.

Dependencies
This rule is related to the BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Enterprise Server version 4.1 SP7

Allow TiVo for BlackBerry application IT policy rule

Description
This rule specifies whether the TiVo® for BlackBerry® application on the BlackBerry device is turned on.

Default value
The default value is True. The TiVo for BlackBerry application is turned on.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.1 SP7


BlackBerry Social Network Application Proxy URL for Lotus Connections IT policy rule

Description
This rule specifies the URL of the server that hosts the BlackBerry® Social Networking Application Proxy that the BlackBerry® Client for IBM® Lotus® Connections uses (for example, https://<server_name>:<port>/lcs-230/services/).

Default value
The default value is a null value.

Usage
If you configure this rule, you can use the Allow Edits to BlackBerry Social Network Application Proxy URL for Lotus Connections IT policy rule to control whether the user can change the URL of the host server.

If you do not configure this rule, a user can access the host server by typing the URL on the BlackBerry device.

Dependencies
This rule is related to the Allow Edits to BlackBerry Social Network Application Proxy URL for Lotus Connections IT policy rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Enterprise Server version 5.0 SP1

BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule

Description
This rule specifies the URL of the server that hosts the BlackBerry® Social Networking Application Proxy that the BlackBerry® Client for IBM® Lotus® Quickr™ uses (for example, https://<server_name>:<port>/qkr-100/services/).

Default value
The default value is a null value.

Usage
If you configure this rule, you can use the Allow Edits to BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule to control whether the user can change the URL of the host server.

If you do not configure this rule, a user can access the host server by typing the URL on the BlackBerry device.

Dependencies
This rule is related to the Allow Edits to BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule.

Minimum requirements
• Java® based BlackBerry device


• BlackBerry® Enterprise Server version 4.1 SP7

Disable BlackBerry Wallet IT policy rule

Description
This rule specifies whether to prevent BlackBerry® Wallet from running on a BlackBerry device.

Default value
The default value is False.

Minimum requirements
• BlackBerry® Enterprise Server version 4.1 SP6

Disable Ecommerce Content Optimization Engine IT policy rule

Description
This rule specifies whether to prevent the ecommerce content optimization engine for the BlackBerry® Browser from running on a BlackBerry device.

Default value
The default value is False.

Minimum requirements
• BlackBerry® Enterprise Server version 4.1 SP6

Disable Lotus Connections IT policy rule

Description
This rule specifies whether to prevent IBM® Lotus® Connections from running on a BlackBerry® device.

Default value
The default value is False.

Minimum requirements
• BlackBerry® Enterprise Server version 4.1 SP6

Disable Organizer Data Access for Social Networking Applications

Description


This rule specifies whether a BlackBerry® device must prevent social networking applications from accessing organizer data.

Default value
The default value is False.

Usage
If you change the value to True, social networking applications such as Facebook® cannot have read or write access to the address book, calendar, and other organizer data.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.0
• BlackBerry Enterprise Server version 5.0

Disable RIM Value-Added Applications IT policy rule

Description
This rule specifies whether to prevent value-added applications that Research In Motion developed from running on a BlackBerry® device.

Default value
The default value is False.

Minimum requirements
• BlackBerry® Enterprise Server version 4.1 SP6

Exceptions
This rule does not apply to some applications such as the following: Yahoo!® Messenger for BlackBerry® devices, Windows Live™ Messenger for BlackBerry® devices, AOL® Instant Messenger™ service (AIM® service) for BlackBerry® devices, ICQ® for BlackBerry® devices, Google Talk™ for BlackBerry® devices, BlackBerry® Client for Microsoft® Office Communicator, BlackBerry® Client for IBM® Lotus® Sametime®, BlackBerry® Client for Novell® GroupWise® Messenger, BlackBerry® Messenger, BlackBerry® Maps, some public photo-sharing applications (for example, Flickr™ and Picasa®), Facebook®, the BlackBerry® MDS Runtime Application, or device diagnostic applications. For more information about the applications, see the application-specific IT policy rules.

Enable the "Tell A Friend" Feature in BlackBerry Client for Lotus Quickr IT policy rule

Description
This rule specifies whether the Tell a Friend feature is turned on in the BlackBerry® Client for IBM® Lotus® Quickr™.

Default value


The default value is True. The Tell a Friend feature is turned on.

Usage
If you change this rule to False, a user cannot send an invitation as an email message with a link that the recipient can use to download the BlackBerry Client for IBM Lotus Quickr.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Enterprise Server version 4.1 SP7

Lotus Connections Activities Server IT policy rule

Description
This rule specifies the address of the server that hosts the IBM® Lotus® Connections Activities component.

Default value
The default value is a null value.

Usage
If you configure this rule, users can use the specified server address only.

If you do not configure this rule, users must specify the server address manually.

Minimum requirements
• BlackBerry® Enterprise Server version 4.1 SP6

Lotus Connections Blogs Server IT policy rule

Description
This rule specifies the address of the server that hosts the IBM® Lotus® Connections Blogs component.

Default value
The default value is a null value.

Usage
If you configure this rule, users can use the specified server address only.

If you do not configure this rule, users must specify the server address manually.

Minimum requirements
• BlackBerry® Enterprise Server version 4.1 SP6


Lotus Connections Communities Server IT policy rule

Description
This rule specifies the address of the server that hosts the IBM® Lotus® Connections Communities component.

Default value
The default value is a null value.

Usage
If you configure this rule, users can use the specified server address only.

If you do not configure this rule, users must specify the server address manually.

Minimum requirements
• BlackBerry® Enterprise Server version 4.1 SP6

Lotus Connections Dogear Server IT policy rule

Description
This rule specifies the address of the server that hosts the IBM® Lotus® Connections Dogear component.

Default value
The default value is a null value.

Usage
If you configure this rule, users can use the specified server address only.

If you do not configure this rule, users must specify the server address manually.

Minimum requirements
• BlackBerry® Enterprise Server version 4.1 SP6

Lotus Connections Profiles Server IT policy rule

Description
This rule specifies the address of the server that hosts the IBM® Lotus® Connections Profiles component.

Default value
The default value is a null value.

Usage


If you configure this rule, users can use the specified server address only.

If you do not configure this rule, users must specify the server address manually.

Minimum requirements
• BlackBerry® Enterprise Server version 4.1 SP6

Secure Email policy group

The IT policy rules in the Secure Email policy group apply to BlackBerry® devices that are running the S/MIME Support Package for BlackBerry® smartphones. For more information about using the S/MIME Support Package for BlackBerry smartphones, see the S/MIME Support Package for BlackBerry Devices Security Technical Overview.

Canonical Certificate Domain Name IT policy rule

Description
This rule specifies the domain name that is used for the email addresses that are contained in certificates that are issued within your organization.

Default value
The default value is a null value.

Usage
Specify the domain name that is used for the email addresses contained in certificates that are issued within the organization.

This rule is intended for use in organizations where users' certificates contain a long-lived email address, but users typically send email messages from a shorter-lived email address with the same username component and a different domain component.

Use a comma (,) to separate multiple domain names.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Disable Certificate Address Checks IT policy rule

Description
This rule specifies whether a warning appears if a BlackBerry® device user receives a signed email message and the sender's email address does not appear in the certificate or the PGP® key that was used to sign the email message.

Default value


The default value is False.

Usage
Consider changing this rule to True if your organization’s certificates contain email addresses that are different from those that users typically use to send email messages.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Security policy group

Allow External Connections IT policy rule

Description
This rule specifies whether applications, including third-party applications, can initiate external connections (for example, to WAP gateways).

Default value
The default value is True.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0 (internal)
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server for IBM® Lotus® Domino® and BlackBerry® Enterprise Server for Novell® GroupWise® version 4.0
• BlackBerry® Enterprise Server for Microsoft® Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Allow Internal Connections IT policy rule

Description


This rule specifies whether applications, including third-party applications, can initiate internal connections (for example, to the BlackBerry® MDS Connection Service).

Default value
The default value is True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0 (internal)
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server for IBM® Lotus® Domino® and BlackBerry® Enterprise Server for Novell® GroupWise® version 4.0
• BlackBerry® Enterprise Server for Microsoft® Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Allow Outgoing Call When Locked IT policy rule

Description
This rule specifies whether users can place calls while a BlackBerry® device is locked.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0 (internal)
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server for IBM® Lotus® Domino® version 4.0
• BlackBerry® Enterprise Server for Microsoft® Exchange version 3.6

Allow Resetting of Idle Timer IT policy rule

Description
This rule specifies whether a BlackBerry® device permits third-party applications to reset the inactivity timeout value on a BlackBerry device, bypassing the security timeout value.

Default value


The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP4

Allow Screen Shot Capture IT policy rule

Description
This rule specifies whether a BlackBerry® device permits applications, including third-party applications, to take screen shots.

Default value
The default value is True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.2
• BlackBerry® Enterprise Server version 4.1 SP4

Allow Smart Card Password Caching IT policy rule

Description
This rule specifies whether a BlackBerry® device can cache the smart card password.

Default value
The default value is False.

Usage
Change this rule to True to cache the smart card password for the period of time that the private key timeout sets. The memory cleaner application deletes the password when the timeout expires.

Dependencies
If you configure this rule, you should also configure the Key Store Password Maximum Timeout IT policy rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0


Allow Split-Pipe Connections IT policy rule

Description
This rule specifies whether applications, including third-party applications, can open internal and external connections on a BlackBerry® device simultaneously.

Default value
The default value is False.

Usage
Opening internal and external connections simultaneously might present a security issue because applications can collect data from inside the firewall and send it outside the firewall without any auditing.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0 (internal)
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server for IBM® Lotus® Domino® and BlackBerry® Enterprise Server for Novell® GroupWise® version 4.0
• BlackBerry® Enterprise Server for Microsoft® Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Allow Third Party Apps to Use Persistent Store IT policy rule

Description
This rule specifies whether third-party applications can use the persistent store API on a BlackBerry® device.

Default value
The default value is True.

Usage
This rule is obsolete in BlackBerry® Enterprise Server version 3.6 SP2.

In later versions of the BlackBerry Enterprise Server, use the Is access to the interprocess communication API allowed application control policy rule to specify whether applications can access the persistent store API.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0


• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server for Microsoft® Exchange version 3.6

Allow Third Party Apps to Use Serial Port IT policy rule

Description
This rule specifies whether third-party applications can use the serial port, IrDA® port, or USB port on a BlackBerry® device.

Default value
The default value is True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server for IBM® Lotus® Domino® and BlackBerry® Enterprise Server for Novell® GroupWise® version 4.0
• BlackBerry® Enterprise Server for Microsoft® Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Allowed Authentication Mechanisms IT policy rule

Description
This rule specifies the types of authentication mechanisms that a BlackBerry® device user can turn on. Authentication mechanisms control access to a BlackBerry device.

Default value
The default value is Allowed. Any authentication mechanism permits a user access to a BlackBerry device.

Usage
To permit a user to turn on a specific authentication mechanism, configure this rule to one of the following mechanisms:
• Smartcard
• Fingerprint
• Smartcard and Fingerprint
• Proximity
• Other

You can control other authentication mechanisms using the User Authenticator API application control policy rule.

Dependencies


This rule takes priority over the Force Smart Card Two Factor Authentication IT policy rule. For example, if you configure this rule to prevent smart card authentication but the Force Smart Card Two Factor Authentication IT policy rule is configured to True, smart card authentication is not forced.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0

Certificate Status Maximum Expiry Time IT policy rule

Description
This rule specifies the maximum length of time (in hours) that a certificate status can remain on a BlackBerry® device before it should be updated in the key store on the BlackBerry device and in the certificate synchronization tool of the BlackBerry® Desktop Manager. The permitted range is 1 through 4380 hours.

Default value
The default value is a null value. The certificate status can remain on the BlackBerry device indefinitely.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Content Protection of Contact List IT policy rule

Description
This rule specifies whether a user can choose to encrypt the contact list on a BlackBerry® device when content protection is turned on.

The previous name of this rule was Force Include Address Book In Content Protection.

Default value
The default value in the Advanced security and Advanced security (disallow application downloads) IT policies is Required. The BlackBerry device does not permit call display and does not share contacts over a Bluetooth® connection when the BlackBerry device is locked.

The default value in all other preconfigured IT policies is Allowed. A user can choose to either exclude the contact list from content protection or include it in content protection.

Usage


For BlackBerry devices that are running BlackBerry® Device Software version 5.0 and later, change this rule to Disallowed to turn off the option. The contact list is not content-protected, and the user cannot change this setting on the BlackBerry device.

BlackBerry devices that are running BlackBerry Device Software versions that are earlier than version 5.0 process the Disallowed setting in the same way that they process the Required setting.

If the contact list is content-protected, when the BlackBerry device is locked, the BlackBerry device does not permit call display and does not share contacts over a Bluetooth connection.

If the contact list is not content-protected, when the BlackBerry device is locked, the BlackBerry device permits call display and can share contacts over a Bluetooth connection.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Content Protection Strength IT policy rule

Description
This rule specifies the cryptography strength that a BlackBerry® device uses to encrypt content that it receives while it is locked. When you specify a value, the content protection feature is turned on.

Default values
The default value in the Advanced security and Advanced security (disallow application downloads) IT policies is Strong.

The default value in all other preconfigured IT policies is a null value.

Usage
Configure this rule to Strong to use a 160-bit ECC public key. This key provides good security and good performance and is adequate for most situations.

Configure this rule to Stronger to use a 283-bit ECC public key. This key provides better security but slower performance than the Strong setting.

Configure this rule to Strongest to use a 571-bit ECC public key. This key provides the highest level of security but the slowest performance of the three settings.

For BlackBerry devices that are running BlackBerry® Device Software version 5.0 and later, if onboard device memory exists on the BlackBerry device when you configure this rule, the rule also encrypts the onboard device memory (embedded M.C.) to the user password and a device-generated key.

To encrypt the media files in the onboard device memory, configure the Force Encryption on Internal File System Media Files IT policy rule, or instruct the BlackBerry device user to configure file encryption.


For BlackBerry devices that are running BlackBerry Device Software versions that are earlier than version 5.0, you can configure the External File System Encryption Level IT policy rule. The External File System Encryption Level IT policy rule also encrypts the media card.

Dependencies
A BlackBerry device uses this rule only if you configure the Password Required IT policy rule to True.

If you configure this rule to Strong or Stronger, configure the Minimum Password Length IT policy rule to 12 characters. If you configure the content protection strength to Strongest, instruct the user to create a password of at least 21 characters. These password lengths maximize the encryption strength that the longer ECC keys are designed to provide.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0
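
The cross-rule dependencies and permitted ranges described for the rules above can be checked mechanically before a policy is assigned. The following is an added example, not part of this guide or of any BlackBerry tool; the dict-based policy layout, the lint_policy function and the sample values are assumptions made for illustration, and the recommended Minimum Password Length of 12 is treated as a floor.

```python
# Added example: lint an IT policy held as a plain dict (rule name -> value).
# The dict layout, function name and sample values are assumptions; this is
# not a BlackBerry Enterprise Server export format or API.

# ECC public key size selected by each Content Protection Strength value.
ECC_BITS = {"Strong": 160, "Stronger": 283, "Strongest": 571}

# Permitted ranges in hours, as stated in the rule descriptions.
RANGES = {
    "PGP Universal Policy Cache Timeout": (4, 48),
    "Certificate Status Maximum Expiry Time": (1, 4380),
}


def lint_policy(policy):
    """Return a list of (severity, rule, message) findings for the policy."""
    findings = []

    # Range checks. A null (None) value means the rule is not configured.
    for rule, (low, high) in RANGES.items():
        value = policy.get(rule)
        if value is not None and not low <= value <= high:
            findings.append(
                ("error", rule, f"{value} is outside {low}-{high} hours"))

    # Content Protection Strength depends on the password rules.
    strength = policy.get("Content Protection Strength")
    if strength is not None:
        rule = "Content Protection Strength"
        if strength not in ECC_BITS:
            findings.append(("error", rule, f"unknown value {strength!r}"))
        else:
            if policy.get("Password Required") is not True:
                findings.append(
                    ("error", rule,
                     "the device uses this rule only if Password Required "
                     "is True"))
            if strength == "Strongest":
                # The guide asks for a user instruction here, not a rule value.
                findings.append(
                    ("note", rule,
                     "instruct users to create a password of at least "
                     "21 characters"))
            elif (policy.get("Minimum Password Length") or 0) < 12:
                findings.append(
                    ("warning", "Minimum Password Length",
                     f"configure 12 characters for the "
                     f"{ECC_BITS[strength]}-bit ECC key"))

    # Cached smart card passwords live for the private key timeout.
    if (policy.get("Allow Smart Card Password Caching") is True
            and policy.get("Key Store Password Maximum Timeout") is None):
        findings.append(
            ("warning", "Allow Smart Card Password Caching",
             "also configure Key Store Password Maximum Timeout"))

    # Simultaneous internal and external connections bypass auditing.
    if policy.get("Allow Split-Pipe Connections") is True:
        findings.append(
            ("warning", "Allow Split-Pipe Connections",
             "applications can send data from inside the firewall to the "
             "outside without any auditing"))

    return findings


# Constructed sample policy with several deliberate misconfigurations.
SAMPLE_POLICY = {
    "Password Required": False,
    "Content Protection Strength": "Stronger",
    "Minimum Password Length": 8,
    "Allow Smart Card Password Caching": True,
    "Key Store Password Maximum Timeout": None,
    "Certificate Status Maximum Expiry Time": 5000,
    "PGP Universal Policy Cache Timeout": 24,
    "Allow Split-Pipe Connections": True,
}

if __name__ == "__main__":
    for severity, rule, message in lint_policy(SAMPLE_POLICY):
        print(f"{severity.upper():8} {rule}: {message}")
```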

Desktop Backup IT policy rule

Description
This rule specifies which BlackBerry® device databases are backed up by the BlackBerry® Desktop Software.

Default value
The default value is All databases.

Usage
By default, the BlackBerry Desktop Software backs up the information in the following databases:
• Handheld Keys store
• Certificate Options
• Trusted Key Store
• Policy
• KeyStoreManager
• Random Pool
• PGP Key Store

Change this rule to Minimal subset of databases to back up a minimal set of BlackBerry device databases, including databases that some desktop components, such as the certificate synchronization tool of the BlackBerry® Desktop Manager, require access to.

Change this rule to No databases to prevent the backup of BlackBerry device databases.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0


• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Disable 3DES Transport Crypto IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device from using the Triple DES algorithm to encrypt and decrypt data sent between a BlackBerry device and the BlackBerry® Enterprise Server.

Default value
The default value is False. A BlackBerry device and the BlackBerry Enterprise Server can use the Triple DES algorithm and the AES algorithm to encrypt and decrypt data that they send between each other.

Usage
Change this rule to True to require that a BlackBerry device and the BlackBerry Enterprise Server use the AES algorithm to encrypt and decrypt data that they send between them.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0 (internal)
• BlackBerry® Device Software version 4.0
• BlackBerry Enterprise Server version 4.0

Disable BlackBerry App World IT policy rule

Description
This rule specifies whether the BlackBerry App World™ application is turned off on the BlackBerry® device.

Default value
The default value is False. On the BlackBerry device, the BlackBerry App World application is turned on.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.1 SP7

Disable Cut/Copy/Paste IT policy rule

Description


This rule specifies whether to prevent a BlackBerry® device user from cutting, copying, and pasting text on a BlackBerry device.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Disable External Memory IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device user from accessing the media card on a supported BlackBerry device.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Disable Forwarding Between Services IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device user from forwarding or replying to a message on a BlackBerry device using an email account or messaging service that is associated with a BlackBerry® Enterprise Server or BlackBerry® Internet Service that is different from the service that delivered the original message.

Usage
Use this rule to prevent forwarding or replying to a PIN message with an email message, or replying to an email message with a PIN message.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device


• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 4.0
• BlackBerry Enterprise Server version 4.0

Disable Geo-Tagging of Photos IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device from adding geographical co-ordinates to the metadata of stored pictures.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.1 SP4

Disable GPS IT policy rule

Description
This rule specifies whether the GPS feature on a BlackBerry® device is turned on.

Default value
The default value is False.

Usage
Change this rule to True to turn off the GPS feature and prevent applications on a BlackBerry device from accessing it.

Dependencies
If you change this rule to True, BlackBerry® Maps does not work and applications cannot access the GPS APIs for the BlackBerry device. This rule overrides the Is Access to the GPS API Allowed application control policy rule setting.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.3
• BlackBerry® Enterprise Server version 4.1 SP5


Disable Invalid Certificate Use IT policy rule

Description
This rule specifies whether to prevent a user from sending an email message from a BlackBerry® device using an expired or invalid certificate.

Default value
The default value is False. A BlackBerry device warns the user that the certificate is expired or invalid, but it does not prevent the user from using the certificate.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server for IBM® Lotus® Domino® and BlackBerry® Enterprise Server for Novell® GroupWise® version 4.0
• BlackBerry® Enterprise Server for Microsoft® Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Disable IP Modem IT policy rule

Description
This rule specifies whether the IP modem on an applicable BlackBerry® device is available.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Disable Key Store Backup IT policy rule

Description


This rule specifies whether to prevent a BlackBerry® device user from backing up the certificates and private keys that are storedon a BlackBerry device.

Default valueThe default value is False.

Minimum requirements• Java® based BlackBerry device• BlackBerry® Device Software version 4.0• BlackBerry® Enterprise Server version 4.0• BlackBerry® Connect™ version 4.0

Disable Key Store Low Security IT policy rule

Description
This rule (also known as Disable Security Data Low Security IT policy rule) specifies whether to prevent a BlackBerry® device user from setting the key store security level to Low.

Default value
The default value is False.

Usage
Change this IT policy rule to True to require the next highest level of key store security automatically.

For BlackBerry devices that are running BlackBerry® Device Software version 3.6, the next highest security level is High. For BlackBerry devices that are running BlackBerry Device Software version 4.0 or later, the next highest security level is Medium.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ Transport Stack version 4.0
• BlackBerry Device Software version 3.6
• BlackBerry® Enterprise Server for IBM® Lotus® Domino® and BlackBerry® Enterprise Server for Novell® GroupWise® version 4.0
• BlackBerry® Enterprise Server for Microsoft® Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Disable Media Manager FTP Access

Description
This rule specifies whether applications can access the file transfer protocol channel from the media manager tool of the BlackBerry® Desktop Manager.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Connect™ version 4.0 (internal)
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Disable Message Normal Send IT policy rule

Description
This rule specifies whether to require a BlackBerry® device user to send encrypted or signed email messages.

Default value
The default value is False.

Usage
If you change this rule to True, to send email messages, the user must install the S/MIME Support Package for BlackBerry® smartphones or the PGP® Support Package for BlackBerry® smartphones. You must also turn on S/MIME message processing on the BlackBerry® Enterprise Server or, in the PGP Application policy group, configure the PGP Universal Server Address rule.

For BlackBerry devices that are running BlackBerry® Device Software version 5.0 and later, this rule applies only to email messages that a user sends through your organization’s BlackBerry Enterprise Server. To prevent a user from sending email messages that are not encrypted or signed from a different email message service, such as the BlackBerry® Internet Service, in the Service Exclusivity policy group, configure the Allow Other Message Services rule.

For BlackBerry devices that are running BlackBerry Device Software versions that are earlier than version 5.0, this rule applies to all email message services.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server for IBM® Lotus® Domino® and BlackBerry® Enterprise Server for Novell® GroupWise® version 4.0
• BlackBerry® Enterprise Server for Microsoft® Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Disable Peer-to-Peer Normal Send IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device user from sending PIN messages that are not encrypted when using the S/MIME Support Package for BlackBerry® smartphones or the PGP® Support Package for BlackBerry® smartphones.

Default value
The default value is False.

Usage
If you change this rule to True, to send PIN messages the user must install the S/MIME Support Package for BlackBerry smartphones or the PGP Support Package for BlackBerry smartphones on a BlackBerry device. You must also turn on S/MIME message processing on the BlackBerry® Enterprise Server, or configure the PGP Universal Server Address IT policy rule to permit PGP message processing.

To turn off all PIN messaging, configure the Allow Peer-to-Peer Messages IT policy rule to False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server for IBM® Lotus® Domino® and BlackBerry® Enterprise Server for Novell® GroupWise® version 4.0
• BlackBerry® Enterprise Server for Microsoft® Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Disable Persisted Plain Text IT policy rule

Description
This rule specifies whether to prevent applications from keeping the plain text form of a content-protected object in the persistent store on a BlackBerry® device (for example, the file system).

Default value
The default value is False. The BlackBerry device can keep the plain text form of a content-protected object in the persistent store.

Usage
Configure this rule only if you require that sensitive data does not persist in plain text form on a BlackBerry device.

To prevent any application from storing data in plain text form in the persistent store on a BlackBerry device, configure this rule to True.

When you configure this rule to True, if an application that is installed on a BlackBerry device tries to save data to the persistent store in plain text form, the BlackBerry device performs the following actions:
• logs an exception error message in the log file on the BlackBerry device
• resets the BlackBerry device and displays a Java® 576 error
• removes the data that the application tries to save

Attention: If you change this rule to True, applications on the BlackBerry device that do not use the content protection framework API to encrypt data might not work.

Minimum requirements
• Java based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Disable Public Photo Sharing Applications IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device user from uploading pictures to the Internet using public photo sharing applications.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Enterprise Server version 4.1 SP4
• BlackBerry® Application Suite version 1.0

Disable Public Social Networking Applications IT policy rule

Description
This rule specifies whether a user can install public social networking applications on a BlackBerry® device to access public social networking services (for example, Facebook®).

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Enterprise Server version 4.1 SP5

Disable Radio When Cradled IT policy rule

Description
This rule specifies whether a BlackBerry® device turns off the wireless transceiver when it connects to a USB device.

Default value
The default value is Radio not disabled when USB device is connected. The wireless transceiver remains on.

Usage
Change this rule to Radio disabled when USB device is connected to turn off the wireless transceiver while the BlackBerry device is connected to a USB device.

Change this rule to Radio disabled when connected USB device enumerates to turn off the wireless transceiver only when a connected USB device (for example, a computer) sends standard USB requests to communicate with a BlackBerry device.

Dependencies
Only USB enabled BlackBerry devices support this rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Disable Revoked Certificate Use IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device user from sending email messages that are encrypted using revoked certificates.

Default value
The default value is False. A BlackBerry device warns the user that the certificate is revoked, but it does not prevent the user from using the certificate.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server for IBM® Lotus® Domino® and Novell® GroupWise® version 4.0
• BlackBerry® Enterprise Server for Microsoft® Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Disable Smart Password Entry IT policy rule

Description
This rule specifies whether to prevent a user from using smart password entry when using two-factor authentication.

If a user uses two-factor authentication and a BlackBerry® device password or authentication password is numeric, with smart password entry, the BlackBerry device remembers whether the last password typed was numeric. If the password was numeric, the next time that the user types the password, the user does not have to press the Alt key to type the numbers.

Default value
The default value is False. A BlackBerry device stores the user’s numeric passwords, and a user can use smart password entry on the BlackBerry device when using two-factor authentication.

Usage
If you change this rule to True, a BlackBerry device deletes any knowledge of the user’s numeric passwords if the user is currently using smart password entry.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Disable Stale Certificate Status Checks IT policy rule

Description
This rule specifies whether a BlackBerry® device displays warnings and indicators if the user receives an email message that includes a certificate with a stale status.

Default value
The default value is False.

Usage
If you change this rule to True, a BlackBerry device does not display warnings and indicators about stale certificate status. Consider changing this rule to True if your organization uses a PKI that does not update the status of certificates.

Dependencies
If you change this rule to True, a BlackBerry device ignores the Certificate Status Maximum Expiry Time IT policy rule and the status of certificates on the BlackBerry device never expires.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Disable Stale Status Use IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device user from sending an email message that is encrypted using a certificate with a stale status.

Default value
The default value is False. A BlackBerry device warns the user that the certificate has a stale status, but it does not prevent the user from using the certificate.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Disable Untrusted Certificate Use IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device user from sending an email message that is encrypted with a certificate that the BlackBerry device does not trust.

Default value
The default value is False. A BlackBerry device warns the user that the certificate is not trusted, but it does not prevent the user from using the certificate.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server for IBM® Lotus® Domino® and Novell® GroupWise® version 4.0
• BlackBerry® Enterprise Server for Microsoft® Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Disable Unverified Certificate Use IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device user from sending an email message that is encrypted with a certificate that the BlackBerry device cannot verify.

Default value
The default value is False. A BlackBerry device warns the user that the certificate could not be verified, but it does not prevent the user from using the certificate.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Disable Unverified CRLs IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device user from accepting CRLs that are not verified on the BlackBerry MDS Connection Service when checking the status of a certificate.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Disable USB Mass Storage IT policy rule

Description
This rule specifies whether USB mass storage and the media transport protocol are turned on.

Default values
The default value in the Advanced security and the Advanced security (disallow application downloads) IT policies is True.

The default value in all other preconfigured IT policies is False.

Usage
The media transport protocol allows a user to transfer media files to the BlackBerry® device from a media card. If you change this rule to True, a BlackBerry device cannot access a media card that is connected to the USB port. This means that the ability to transfer files to a media card using the Roxio® Media Manager with the BlackBerry® Desktop Manager versions 4.2.2 and 4.3 is turned off.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Disable Weak Certificate Use IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device user from sending an email message using a certificate that has a corresponding weak public key.

Default value
The default value is False. A BlackBerry device warns the user that the corresponding public key is weak, but it does not prevent the user from using the certificate.

Usage
Use the IT policy rules that are provided for the TLS application, the WTLS application, the S/MIME Support Package for BlackBerry® smartphones, or the PGP® Support Package for BlackBerry® smartphones.

Configure the minimum strengths for the RSA®, DSA, ECC, and Diffie-Hellman algorithm key lengths.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server for IBM® Lotus® Domino® and Novell® GroupWise® version 4.0
• BlackBerry® Enterprise Server for Microsoft® Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Disallow Third Party Application Downloads IT policy rule

Description
This rule specifies whether a user can install an application that the Research In Motion® signing authority system has not digitally signed on a BlackBerry® device.

Default values
The default value in the Medium password security (disallow application downloads) and the Advanced security (disallow application downloads) IT policies is True.

The default value in all other preconfigured IT policies is False.

Usage
This rule prevents a user from installing an unsigned third-party application that is sent over a wireless network or when a BlackBerry device is connected to the BlackBerry® Desktop Manager or application loader tool. This rule applies to any unsigned applications that the BlackBerry® Enterprise Server or another party sends to a BlackBerry device.

If you change the value to True, this rule does not remove any existing third-party applications from a BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ versions 2.1, 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server for IBM® Lotus® Domino® and BlackBerry® Enterprise Server for Novell® GroupWise® version 4.0
• BlackBerry® Enterprise Server for Microsoft® Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

External File System Encryption Level IT policy rule

Description
This rule specifies the level of encryption that a BlackBerry® device uses to encrypt files that it stores on a media card.

Default values
The default value in the Default IT policy is Not required.

The default value in the Advanced security and Advanced security with No 3rd Party Applications IT policies is Encrypt to User Password and Device Key (including multimedia directories).

The default value in all other preconfigured IT policies is a null value.

Usage
You can use this rule to require that a BlackBerry device encrypt a media card, either including or excluding media card files. You cannot use this rule to encrypt files that a BlackBerry device user transfers to the media card manually (for example, from a USB mass storage device).

The master keys for the media card are stored on the media card. A BlackBerry device is designed to use the master keys to decrypt and encrypt files on the media card. A BlackBerry device is designed to use the BlackBerry device key, a user-provided password, or both to encrypt the master keys.

Change this rule to Encrypt to User Password (excluding multimedia directories) if the media card requires encryption with a password that the user provides.

Change this rule to Encrypt to User Password (including multimedia directories) if the media card requires encryption with a password that the user provides.

Change this rule to Encrypt to Device Key (excluding multimedia directories) if the media card requires encryption with a BlackBerry device key.

Change this rule to Encrypt to Device Key (including multimedia directories) if the media card requires encryption with a BlackBerry device key.

Change this rule to Encrypt to User Password and Device Key (excluding multimedia directories) if the media card requires encryption with a password that the user provides and a BlackBerry device key.

Change this rule to Encrypt to User Password and Device Key (including multimedia directories) if the media card requires encryption with a password that the user provides and the BlackBerry device key.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

FIPS Level IT policy rule

Description
This rule specifies the level of FIPS compliance that your organization requires.

Default value
The default value is FIPS 140-2 Level 1 compliance.

Usage
This rule is obsolete in BlackBerry® Enterprise Server versions 4.1 SP3 and later and BlackBerry® Device Software versions 4.2.1 and later.

FIPS 140-2 Level 1 compliance affects the BlackBerry® Cryptographic Kernel, which is the embedded cryptographic module required for basic operation of a BlackBerry device.

FIPS 140-2 Level 2 compliance affects only the BlackBerry Device Software. It does not result in a BlackBerry device meeting FIPS 140-2 Level 2 hardware security requirements.

If you change this rule to Level 2, a BlackBerry device prevents WTLS from using an RC encryption algorithm, which can cause problems when using WTLS.

Dependencies
If you change this rule to 2, the following additional IT policy rules are configured:

• Password Required is configured to True
• Minimum Password Length is configured to 5
• Suppress Password Echo is configured to True
• PGP® Allowed Content Ciphers is configured to AES (256-bit), AES (192-bit), AES (128-bit), Triple DES
• S/MIME Allowed Content Ciphers is configured to AES (256-bit), AES (192-bit), AES (128-bit), Triple DES
• TLS Restrict FIPS Ciphers is configured to True
• Disallow Third Party Application Download is configured to True

Minimum requirements
• Java® based BlackBerry device
• For FIPS Level 1 compliance, BlackBerry Device Software version 3.3
• For FIPS Level 2 compliance, BlackBerry Device Software version 4.0
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry Enterprise Server version 4.0

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule in BlackBerry Device Software version 4.0 to version 4.2.1.

Firewall Block Incoming Messages IT policy rule

Description
This rule specifies whether the BlackBerry® device firewall prevents the BlackBerry device from processing specific types of incoming messages, including SMS text messages, MMS messages, public and organization-specific PIN messages, and BlackBerry® Internet Service messages.

Note: You use the default PIN encryption key to send public PIN messages that are known to all BlackBerry devices. A BlackBerry device with an organization-specific PIN encryption key can only send and receive organization-specific PIN messages with other BlackBerry devices within your organization's network that use the same PIN encryption key.

Default value
The default value is a null value.

Usage
If you configure this rule, a BlackBerry device blocks the specified types of incoming messages at the firewall and does not notify the user that those types of messages were received.

A user can specify whether to block public PIN messages on a BlackBerry device. A user cannot specify whether to block organization-specific PIN messages on a BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Firewall Whitelist Addresses IT policy rule

Description
This rule specifies the list of email addresses that the BlackBerry® device firewall allows. A BlackBerry device receives messages from these email addresses even if the user blocks all incoming messages on a BlackBerry device.

Default value
The default value is a null value.

Usage
Specify email addresses with wildcard characters (for example, *@organization.com) to allow email messages from a specific domain.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.5
• BlackBerry® Enterprise Server version 4.1 SP5

Force Content Protection Of Master Keys IT policy rule

Description
This rule specifies whether content protection for device transport keys that a BlackBerry® device stores is turned on.

Default value
The default value is False.

Usage
Content protection is designed to encrypt the device transport keys on a BlackBerry device using 256-bit AES, and to store them in the BlackBerry device memory. To turn on content protection for device transport keys, you or a user must turn on content protection on the BlackBerry device. You can turn on content protection on the BlackBerry device using the Content Protection Strength IT Policy Rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.1
• BlackBerry® Enterprise Server version 4.0 SP3

Force Device Password Entry While User Authentication is Enabled IT policy rule

Description
This rule specifies whether users must type their user names and BlackBerry® device passwords when the user authenticator option is turned on.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0

Force LED Blinking When Microphone Is On IT policy rule

Description
This rule specifies whether a BlackBerry® device LED flashes when the microphone is on (for example, during a call or when recording a voice message).

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.1
• BlackBerry® Enterprise Server version 4.0 SP3

Force Lock When Closed IT policy rule

Description
This rule specifies whether BlackBerry® Pearl™ 8220 and BlackBerry® 8210 smartphones are security locked automatically when the flip is closed.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry Pearl 8220 device
• Java based BlackBerry 8210 device
• BlackBerry® Device Software version 4.6
• BlackBerry® Enterprise Server version 4.1 SP6

Force Lock When Holstered IT policy rule

Description
This rule specifies whether a BlackBerry® device locks when a user inserts it in the holster.

Default values
The default value in the Default and Basic password security IT policies is False.

The default value in all other preconfigured IT policies is True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 4.0

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this IT policy rule in BlackBerry Device Software versions 4.0 and later.

Force Multi Factor Authentication IT policy rule

Description
This rule specifies whether to force the use of multifactor authentication on a BlackBerry® device.

Default value
The default value is False.

Usage
To use multifactor authentication on a BlackBerry device, change this rule to True. If multiple authentication mechanisms are permitted, a lock icon appears on the BlackBerry device to indicate that a user cannot change it.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0

Force Smart Card Reader Challenge Response while User Authentication is enabled IT policy rule

Description
This rule specifies whether a BlackBerry® device requires a user to use the same BlackBerry® Smart Card Reader all the time, in addition to the user authenticator password (smart card PIN), when the user turns on two-factor authentication.

Default value
The default value is False.

Usage
If you change this rule to True, a user must delete all of the BlackBerry device data if the BlackBerry Smart Card Reader is lost or stolen.

If you change this rule to True, a user cannot change the Always Use Same <BlackBerry_device_name> option on a BlackBerry device from Enabled to Disabled.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0
• BlackBerry Smart Card Reader version 2.0

Force Smart Card Two Factor Authentication IT policy rule

Description
This rule specifies whether a user must type a BlackBerry® device password and the smart card password to unlock a BlackBerry device.

Default value
The default value is False.

Usage
If you change this rule to True, to unlock a BlackBerry device, a user might require an authenticator module for a smart card and must have a smart card driver and a BlackBerry® Smart Card Reader driver installed on the BlackBerry device.

Dependencies
If you change this rule to True, the BlackBerry® Enterprise Server automatically configures the Password Required IT policy rule to True in the same IT policy. You must configure the Password Required IT policy rule to True manually for a BlackBerry device that is running BlackBerry® Device Software versions 4.2 and earlier.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry Device Software version 3.6
• BlackBerry Smart Card Reader software version 1.5
• BlackBerry® Enterprise Server for IBM® Lotus® Domino® and BlackBerry® Enterprise Server for Novell® GroupWise® version 4.0
• BlackBerry® Enterprise Server for Microsoft® Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Force Smart Card Two Factor Challenge Response IT policy rule

Description
This rule specifies whether the user must choose a smart card certificate to use with smart card two-factor authentication.

This feature is designed to increase the security of smart card two-factor authentication, but when it is turned on, a BlackBerry® device requires more time to unlock.

Default value
The default value is False.

Usage
If you change this rule to True, when the user unlocks a BlackBerry device, the BlackBerry device sends a challenge to the smart card to verify the authenticator module for the smart card.

If you change this rule to True, to use a BlackBerry device, a user must have a BlackBerry® Smart Card Reader, and must install a smart card driver and a BlackBerry Smart Card Reader driver on the BlackBerry device.

Dependencies
A BlackBerry device uses this rule only if you configure the Password Required and Force Smart Card Two Factor Authentication IT policy rules to True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 4.2
• BlackBerry Smart Card Reader software version 1.5
• BlackBerry® Enterprise Server version 4.0 SP6

Key Store Password Maximum Timeout IT policy rule

Description
This rule specifies the maximum number of minutes that can elapse before the cached password timeout expires in the key store. After the timeout expires, a BlackBerry® device prompts the user to type the password. The permitted range is 1 through 60 minutes.

Default value
The default value is 1 minute.

Usage
If you change this rule to 0, a BlackBerry device cannot cache the key store password and cannot reduce the number of password prompts.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server for IBM® Lotus® Domino® and BlackBerry® Enterprise Server for Novell® GroupWise® version 4.0
• BlackBerry® Enterprise Server for Microsoft® Exchange version 3.6

Exceptions

The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Lock on Smart Card Removal IT policy rule

Description
This rule specifies whether a BlackBerry® device locks when the user removes the paired smart card from the BlackBerry® Smart Card Reader or disconnects the BlackBerry Smart Card Reader from a BlackBerry device.

Not all smart card reader drivers support smart card removal detection.

Default value
The default value is False.

Usage
If you change this rule to True, to use a BlackBerry device, users might require an authenticator module for the smart card and must have a smart card driver and a BlackBerry Smart Card Reader driver installed on the BlackBerry device.

Dependencies
If you change this rule to True, the BlackBerry® Enterprise Server configures the Password Required and Force Smart Card Two Factor Authentication IT policy rules to True automatically in the same IT policy.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server for IBM® Lotus® Domino® and Novell® GroupWise® version 4.0
• BlackBerry® Enterprise Server for Microsoft® Exchange version 3.6

Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.

Maximum Smart Card User Authenticator Certificate Status Check Period IT policy rule

Description
This rule specifies the maximum length of time (in minutes) that can elapse between status checks of the user authentication certificates that a BlackBerry® device uses with smart cards. During each period, the BlackBerry device requests the status of the certificate. If the certificate is revoked, the BlackBerry device locks and the user is unable to unlock it unless the certificate status changes from On Hold to Good. The permitted range between status checks is 240 to 40320 minutes.

Default value
The default value is -1, which specifies no time limit.

Dependencies

A BlackBerry device uses this rule only if you configure the Password Required, Force Smart Card User Authentication, and Force Smart Card Two Factor Challenge Response IT policy rules to True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.5
• BlackBerry® Enterprise Server version 4.1 SP5

Message Classification IT policy rule

Description
This rule specifies the set of message classifications that are available to apply to email messages sent using the BlackBerry® Enterprise Server.

Default value
The default value is a null value.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry Enterprise Server version 4.1 SP2

Message Classification Title IT policy rule

Description
This rule specifies the title of the message classification that a BlackBerry® device includes when users apply the message classification to email messages.

Default value
The default value is a null value.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.3
• BlackBerry® Enterprise Server version 4.1 SP4

Minimal Encryption Key Store Security Level IT policy rule

Description

This rule specifies the minimum security level of the private key that a BlackBerry® device uses to encrypt email messages.

Default value
The default value is Low security. A BlackBerry device never prompts the user for the key store password when accessing the private key to encrypt messages.

Usage
If you change this rule to Medium security, a BlackBerry device prompts the user for the key store password when accessing the private key to encrypt messages only if the password is cleared from the key store cache.

If you change this rule to High security, a BlackBerry device always prompts the user for the key store password when accessing the private key to encrypt messages. If the user typed the password recently, the BlackBerry device prompts the user to confirm the password.

When you configure this rule, all keys must use the security level that you configure as the minimum, but a user can configure a higher security level on the BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Minimal Signing Key Store Security Level IT policy rule

Description
This rule specifies the minimum security level of the private key that a BlackBerry® device uses to sign email messages.

Default value
The default value is Low security. A BlackBerry device never prompts the user for the key store password when accessing the private key to sign messages.

Usage
If you change this rule to Medium security, a BlackBerry device prompts the user for the key store password when accessing the private key to sign messages only if the password is cleared from the key store cache.

If you change this rule to High security, a BlackBerry device always prompts the user for the key store password when accessing the private key to sign messages. If the user typed the password recently, the BlackBerry device prompts the user to confirm the password.

When you configure this rule, keys must use the security level that you configure as the minimum, but the user can configure a higher security level on a BlackBerry device.

Minimum requirements

• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Password Required for Application Download IT policy rule

Description
This rule specifies whether a BlackBerry® device prompts a user for the BlackBerry device password when using the browser to download applications.

Default value
The default value is False.

Dependencies
A BlackBerry device uses this rule only if you configure the Password Required IT policy rule to True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.2
• BlackBerry® Enterprise Server version 4.1 SP4

Require Secure APB Messages IT policy rule

Description
This rule specifies whether the BlackBerry® device can receive email messages that are not secure, including APB messages from a BlackBerry® Enterprise Server.

Default value
The default value is False.

Usage
A BlackBerry device can receive all email messages from the BlackBerry Enterprise Server that are not blocked at the BlackBerry device firewall unless you change this rule to True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry Enterprise Server version 4.0 SP6

Required Password Pattern IT policy rule

Description
This rule specifies the permitted structure of a BlackBerry® device password.

Passwords can contain Latin-1 characters only.

Default value
The default value is a null value.

Usage
Use the following characters in the password pattern to specify the character type that is permitted and its position in the password:

• a: Permits any letter.
• A: Permits an uppercase letter only.
• c: Permits any consonant letter.
• C: Permits an uppercase consonant letter only.
• v: Permits any vowel.
• V: Permits an uppercase vowel only.
• N, n, or #: Permits a number only.
• S, s, or @: Permits a symbol only.
• ?: Permits any letter, number, or symbol.

If you configure this rule, the user can create a password that is greater than or equal to the length of the pattern on a BlackBerry device. Password characters that exceed the pattern length can be any letters, numbers, or symbols.

Attention: Preventing a particular password character reduces the entropy level and security level of the password.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6
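
The following added example (not part of the original guide and not BlackBerry code) checks a candidate password against a Required Password Pattern value and estimates how many bits of entropy the constrained positions can still carry, which is the trade-off the Attention note describes. The vowel set, the treatment of accented letters, and the definition of "symbol" are assumptions, because the guide does not define them.

```python
import math
import unicodedata

# Assumption: permitted characters are the printable, non-space Latin-1 code points.
LATIN1 = frozenset(chr(i) for i in range(256)
                   if chr(i).isprintable() and not chr(i).isspace())


def _base(ch):
    # Assumption: an accented letter is classified by its base letter (é -> e).
    return unicodedata.normalize("NFD", ch)[0].lower()


def _vowel(ch):
    # Assumption: the vowels are a, e, i, o, u.
    return ch.isalpha() and _base(ch) in "aeiou"


def _consonant(ch):
    return ch.isalpha() and not _vowel(ch)


def _digit(ch):
    return ch in "0123456789"


def _symbol(ch):
    # Assumption: a symbol is any permitted character that is not a letter or digit.
    return not ch.isalpha() and not _digit(ch)


# Pattern characters exactly as listed in the Usage section of the rule.
CLASSES = {
    "a": str.isalpha,
    "A": lambda ch: ch.isalpha() and ch.isupper(),
    "c": _consonant,
    "C": lambda ch: _consonant(ch) and ch.isupper(),
    "v": _vowel,
    "V": lambda ch: _vowel(ch) and ch.isupper(),
    "N": _digit, "n": _digit, "#": _digit,
    "S": _symbol, "s": _symbol, "@": _symbol,
    "?": lambda ch: True,
}


def _validate(pattern):
    bad = sorted({p for p in pattern if p not in CLASSES})
    if bad:
        raise ValueError(f"unknown pattern character(s): {bad}")


def check_password(pattern, password):
    """Return (ok, reason) for a candidate password under the given pattern."""
    _validate(pattern)
    if len(password) < len(pattern):
        return False, "password is shorter than the pattern"
    for pos, ch in enumerate(password, start=1):
        if ch not in LATIN1:
            return False, f"position {pos}: character outside the permitted Latin-1 set"
        # Characters beyond the pattern length may be any letter, number, or symbol.
        if pos <= len(pattern) and not CLASSES[pattern[pos - 1]](ch):
            return False, f"position {pos}: does not match pattern character {pattern[pos - 1]!r}"
    return True, "ok"


def pattern_bits(pattern):
    """Upper bound, in bits, on the entropy of the positions the pattern constrains."""
    _validate(pattern)
    return sum(math.log2(sum(1 for ch in LATIN1 if CLASSES[p](ch))) for p in pattern)


if __name__ == "__main__":
    pattern = "Cvc##"  # constructed sample pattern
    for candidate in ("Bad42", "bad42", "Bad4", "Bad42!x"):
        print(candidate, check_password(pattern, candidate))
    free = "?" * len(pattern)
    print(f"{pattern}: {pattern_bits(pattern):.1f} bits, "
          f"{free}: {pattern_bits(free):.1f} bits")
```

Comparing pattern_bits for a candidate pattern against the same number of ? characters shows how much of the search space the pattern gives up before it is deployed.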

Reset to Factory Defaults on Wipe IT policy rule

Description
This rule specifies whether a BlackBerry® device resets to the factory default settings when it receives the Erase Data and Disable Handheld IT administration command over the wireless network.

The previous name of this rule was Remote Wipe Reset to Factory Defaults.

Default value
The default value is False.

Usage
Change this rule to True to require a BlackBerry device to delete its stored IT policy permanently, delete all third-party applications, and delete all user data after it receives the IT administration command.

For BlackBerry devices that are running BlackBerry® Device Software version 5.0 and later, this rule is enforced both remotely (when an administrator erases the data on a BlackBerry device remotely) and locally (for example, when the user exceeds the maximum password attempts or erases all data on the BlackBerry device).

For BlackBerry devices that are running BlackBerry Device Software versions that are earlier than version 5.0, this rule is enforced only when an administrator erases the data remotely.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry Device Software version 4.2.2
• BlackBerry® Enterprise Server version 4.1 SP4

Secure Wipe Delay After IT Policy Received IT policy rule

Description
This rule specifies the length of time (in hours) that can elapse after a BlackBerry® device receives an IT policy update or an IT administration command before the device deletes all user data. The permitted range is 2 through 720 hours.

Default value
The default value is disabled.

Usage
Use this rule to require that a BlackBerry device that cannot receive IT policy updates or IT administration commands delete user data after a specific period of time.

Dependencies
If you configure this rule, to prevent user data from being deleted unexpectedly, configure the Policy Resend Interval (in the IT Admin properties on the BlackBerry® Enterprise Server) to a lower value than the value that you configure in this rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry Enterprise Server version 4.0 SP6

Secure Wipe Delay After Lock IT policy rule

Description
This rule specifies the length of time (in hours) after a BlackBerry® device locks that the device deletes all user data. The permitted range is 2 through 720 hours.

Default setting
The default setting is Disabled.

Usage
Use this rule to require that a BlackBerry device delete the user data if the user has not unlocked the BlackBerry device within the specified period of time.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Secure Wipe if Low Battery IT policy rule

Description
This rule specifies whether a BlackBerry® device deletes all user data if the battery power level is too low.

Default value
The default value is False.

Usage
Use this rule to require that a BlackBerry device that cannot receive IT policy updates or IT administration commands deletes user data when the battery power level is too low.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 4.0 SP6

Security Service Colors IT policy rule

Description

This rule specifies two background colors for email messages that a BlackBerry® device receives. Configure the colors in red-green-blue hexadecimal format.

The first color represents the background color of email messages that a BlackBerry device receives from the same BlackBerry® Enterprise Server that sent the IT policy. The second color represents the background color of email messages that a BlackBerry device receives from other services (for example, from the BlackBerry® Internet Service).

Default value
The default value is a null value.

Usage
You might configure this rule to one of the following example colors:

• 0xffffff: white
• 0x000000: black
• 0xff0000: red
• 0x00ff00: green
• 0x0000ff: blue

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 4.0
• BlackBerry Enterprise Server version 4.0

Security Transcoder Cod File Hashes IT policy rule

Description
This rule specifies which .cod files a BlackBerry® device permits to register as transcoders.

Attention: If you specify third-party applications that can use the Transcoder API on a BlackBerry device, those applications might impact the security, usability, and performance of the BlackBerry® Enterprise Solution. For more information, see the BlackBerry Enterprise Solution Security Technical Overview.

Default value
The default value is a null value.

Usage
To permit a third-party encryption scheme to be used in conjunction with BlackBerry Enterprise Solution encryption, configure hashes in hexadecimal format, separated by commas. A BlackBerry device reads this information from the command javaloader siblinginfo <implementation_file.cod>.

Minimum requirements
• Java® based BlackBerry device

• BlackBerry® Device Software version 4.5
• BlackBerry® Enterprise Server version 4.1 SP5

Trusted Certificate Thumbprints IT policy rule

Description
This rule specifies the Hex-ASCII certificate thumbprints used on a BlackBerry® device that are generated using the SHA-1, MD5, SHA-256, or SHA-512 algorithm. Separate multiple thumbprints with semi-colons (;).

Default value
The default value is a null value.

Usage
If you configure this rule, a user can only add certificates to the trusted key store that use the thumbprints that appear in the defined list.

The SHA-256 algorithm and SHA-512 algorithm require BlackBerry® Device Software version 5.1 or later.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 3.6

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® supports this rule in BlackBerry Device Software versions 4.0 and later.
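
The following added example (not part of the original guide and not BlackBerry code) builds and audits a Trusted Certificate Thumbprints value: it hashes DER-encoded certificates, joins the Hex-ASCII thumbprints with semi-colons, infers each entry's algorithm from its length, and flags SHA-256 or SHA-512 entries for devices below Device Software 5.1. The certificate bytes are constructed placeholders, and the uppercase, whitespace-trimmed comparison is an assumption about matching, not documented device behavior.

```python
import hashlib

# Hex digest length -> algorithm, for the four algorithms the rule names.
ALGO_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
# The guide states that these two require BlackBerry Device Software 5.1 or later.
NEEDS_5_1 = {"sha256", "sha512"}

# Constructed placeholder bytes standing in for DER-encoded certificates.
CERT_A = b"constructed sample: DER bytes of certificate A"
CERT_B = b"constructed sample: DER bytes of certificate B"
CERT_C = b"constructed sample: DER bytes of certificate C"


def thumbprint(der_bytes, algo="sha1"):
    """Hex-ASCII thumbprint of a DER-encoded certificate."""
    return hashlib.new(algo, der_bytes).hexdigest().upper()


def build_rule_value(der_certs, algo="sha1"):
    """Join thumbprints with semi-colons, as the rule description requires."""
    return ";".join(thumbprint(der, algo) for der in der_certs)


def parse_rule_value(value):
    """Split a rule value into (algorithm, thumbprint) pairs, rejecting bad entries."""
    entries = []
    for raw in value.split(";"):
        tp = raw.strip().upper()
        if not tp:
            continue
        if any(c not in "0123456789ABCDEF" for c in tp):
            raise ValueError(f"not hexadecimal: {raw!r}")
        if len(tp) not in ALGO_BY_LENGTH:
            raise ValueError(f"length {len(tp)} matches no supported algorithm: {raw!r}")
        entries.append((ALGO_BY_LENGTH[len(tp)], tp))
    return entries


def audit(value, device_software=(4, 5)):
    """List entries that the given Device Software version cannot use."""
    findings = []
    for algo, tp in parse_rule_value(value):
        if algo in NEEDS_5_1 and device_software < (5, 1):
            findings.append(f"{tp[:8]}... uses {algo}, which needs Device Software 5.1 or later")
    return findings


def is_listed(der_bytes, value):
    """True if the certificate's thumbprint appears in the rule value."""
    return any(thumbprint(der_bytes, algo) == tp for algo, tp in parse_rule_value(value))


if __name__ == "__main__":
    value = build_rule_value([CERT_A], "sha1") + ";" + build_rule_value([CERT_B], "sha256")
    print(value)
    print(audit(value, device_software=(4, 5)))
    print(is_listed(CERT_A, value), is_listed(CERT_C, value))
```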

Weak Digest Algorithms IT policy rule

Description
This rule specifies the digest algorithms that a BlackBerry® device considers weak. When a BlackBerry device sends email messages, it uses the algorithms that it considers strong to digitally sign the messages. A BlackBerry device uses the list of weak digest algorithms to verify the following data:

• algorithms that are used to digitally sign messages that a BlackBerry device receives are strong enough
• certificate chains for the certificates that are used to sign messages that a BlackBerry device receives are strong enough

Default value
By default, no algorithms are specified as weak.

Usage

Specify a list of algorithms that a BlackBerry device considers weak. This prevents a user from sending an S/MIME-encrypted or PGP® encrypted message using a certificate or key that has a corresponding public key that is weak. You cannot specify SHA-384 and SHA-512 as weak algorithms.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.3
• BlackBerry® Enterprise Server version 4.1 SP5

S/MIME Application policy group
The IT policy rules in the S/MIME Application policy group apply to BlackBerry® devices running the S/MIME Support Package for BlackBerry smartphones. For more information about using the S/MIME Support Package for BlackBerry smartphones, see the S/MIME Support Package for BlackBerry Devices Security Technical Overview.

Entrust Messaging Server (EMS) Email Address IT policy rule

Description
This rule specifies the email address for your organization's Entrust Entelligence™ Messaging Server.

Default value
The default value is a null value.

Usage
Use a null value if your organization does not use an Entrust Entelligence messaging server.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP3
• S/MIME Support Package for BlackBerry® smartphones version 4.0

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

S/MIME Allowed Content Ciphers IT policy rule

Description

This rule specifies the encryption algorithms that a BlackBerry® device can use to encrypt S/MIME-protected messages.

Default value
The default value is to use all supported algorithms.

Usage
To maintain compatibility with most S/MIME clients, use Triple DES encryption and one of the RC2 algorithms. By default, a BlackBerry device is designed to encrypt email messages using Triple DES encryption if it does not know the decryption capabilities available to the recipient.

Dependencies
If you configure the FIPS Level IT policy rule to 2, a BlackBerry device uses AES (256-bit), AES (192-bit), AES (128-bit), and Triple DES encryption.

Minimum requirements
• Java® based BlackBerry device
• S/MIME Support Package for BlackBerry® smartphones version 1.5
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 4.0 SP3

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

S/MIME Allowed Encrypted Attachment Mode IT policy rule

Description
This rule specifies the mode for retrieving S/MIME-protected attachment information on a BlackBerry® device.

Default value
The default value is Automatic. A BlackBerry device requests decrypted attachment information from the BlackBerry® Enterprise Server automatically when a user opens S/MIME-protected messages that contain attachments.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.5
• BlackBerry Enterprise Server version 4.1 SP5

S/MIME Allowed Encryption Types IT policy rule

Description

This rule specifies the types of encryption that a BlackBerry® device can use with S/MIME-protected messaging.

Default value
The default value is Both. The BlackBerry device uses certificate-based encryption and password-based encryption.

Usage
Configure this rule to Certificate-based encryption only.

Configure this rule to Password-based encryption only.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.6
• BlackBerry® Enterprise Server version 4.1 SP6
• S/MIME Support Package for BlackBerry® smartphones version 4.0

S/MIME Blind Copy Address IT policy rule

Description
This rule specifies an email address that is added as a BCC recipient to all sent S/MIME-protected messages.

Default value
The default value is a null value.

Minimum requirements
• Java® based BlackBerry® device
• S/MIME Support Package for BlackBerry® smartphones version 1.5
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 4.0 SP3

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

S/MIME Force Digital Signature IT policy rule

Description
This rule specifies whether a BlackBerry® device sends all S/MIME-protected messages digitally signed.

Default value

The default value is False.

Minimum requirements
• Java® based BlackBerry device
• S/MIME Support Package for BlackBerry® smartphones version 1.5
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 4.0 SP3

Exceptions
The BlackBerry Enterprise Server for Novell® GroupWise® does not support this rule.

S/MIME Force Encrypted Messages IT policy rule

Description
This rule specifies whether a BlackBerry® device encrypts all messages that it sends using S/MIME encryption.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• S/MIME Support Package for BlackBerry® smartphones version 1.5
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 4.0 SP3

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

S/MIME Force Smartcard Use IT policy rule

Description
This rule specifies whether all operations that use certificates on a BlackBerry® device must be performed while the device is attached to a BlackBerry® Smart Card Reader.

Default value
The default value is False.

Minimum requirements

• Java® based BlackBerry device
• S/MIME Support Package for BlackBerry® smartphones version 1.5
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 4.0 SP3

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

S/MIME Minimum Strong DH Key Length IT policy rule

Description
This rule specifies the minimum Diffie-Hellman key size (in bits) to use with S/MIME-protected messages. The permitted range is 512 through 4096 bits.

Default value
The default value is 1024 bits.

Minimum requirements
• Java® based BlackBerry® device
• S/MIME Support Package for BlackBerry® smartphones version 1.5
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 4.0 SP3

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

S/MIME Minimum Strong DSA Key Length IT policy rule

Description
This rule specifies the minimum DSA key size (in bits) to use with S/MIME-protected messages. The permitted range is 512 through 1024 bits.

Default value
The default value is 1024 bits.

Minimum requirements
• Java® based BlackBerry® device

• S/MIME Support Package for BlackBerry® smartphones version 1.5
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 4.0 SP3

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

S/MIME Minimum Strong ECC Key Length IT policy rule

Description
This rule specifies the minimum ECC key size (in bits) to use with S/MIME-protected messages. The permitted range is 163 through 571 bits.

Default value
The default value is 163 bits.

Minimum requirements
• Java® based BlackBerry® device
• S/MIME Support Package for BlackBerry® smartphones version 1.5
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 4.0 SP3

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

S/MIME Minimum Strong RSA Key Length IT policy rule

Description
This rule specifies the minimum RSA® key size (in bits) to use with S/MIME-protected messages. The permitted range is 512 through 4096 bits.

Default value
The default value is 1024 bits.

Minimum requirements
• Java® based BlackBerry® device
• S/MIME Support Package for BlackBerry® smartphones version 1.5

• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 4.0 SP3

Exceptions
The BlackBerry® Enterprise Server for Novell® GroupWise® does not support this rule.

Service Exclusivity policy group

Allow Other Browser Services IT policy rule

Description
This rule specifies whether a BlackBerry® device can use other browser services.

Default value
The default value is True.

Usage
Change this rule to False to require that a BlackBerry device send browser data through your organization's BlackBerry® Enterprise Server, and to prevent a user from installing other browser services on a BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0 (internal)
• BlackBerry® Device Software version 3.6
• BlackBerry Enterprise Server version 3.5

Allow Other Calendar Services IT policy rule

Description
This rule specifies whether a BlackBerry® device user can use calendar services other than the standard calendar application on a BlackBerry device.

Default value
The default value is True.

Usage

Change this rule to False to require that a BlackBerry device user in your organization send appointments using a BlackBerry® Enterprise Server within your organization's environment.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.3
• BlackBerry Enterprise Server version 4.1 SP5

Allow Other Message Services IT policy rule

Description
This rule specifies whether a BlackBerry® device can use other email message services.

Default value
The default value is True.

Usage
Change this rule to False to require that a BlackBerry device user send outgoing email messages through your organization's BlackBerry® Enterprise Server and to prevent a user from sending email messages using other email message services.

This rule does not prevent a user from receiving email messages on a BlackBerry device from other email message services.

Minimum requirements
• C++ based BlackBerry device that is running BlackBerry® Device Software version 2.5
• Java® based BlackBerry device that is running BlackBerry Device Software version 3.6
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 2.1
• BlackBerry Enterprise Server version 3.5

Allow Public AIM Services IT policy rule

Description
This rule specifies whether a user can use AOL® Instant Messenger™ (AIM® service) on a BlackBerry® device.

Default value
The default value is True.

Usage
Change this rule to False to prevent communication using AIM on a BlackBerry device.

Minimum requirements
• BlackBerry® Application Suite version 1.0

• BlackBerry® Enterprise Server version 3.6 SP6

Allow Public Google Talk Services IT policy rule

Description
This rule specifies whether a user can use Google Talk™ on a BlackBerry® device.

Default value
The default value is True.

Usage
Change this rule to False to prevent communication using Google Talk on a BlackBerry device.

If you change this rule to False and a user has downloaded the Google Talk for BlackBerry devices application, the Google Talk for BlackBerry device icon remains on the Home screen. If a user tries to sign into the application, a message appears indicating that the application cannot be used.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry® Enterprise Server version 4.0 SP4

Allow Public ICQ Services IT policy rule

Description
This rule specifies whether a user can use ICQ® on a BlackBerry® device.

Default value
The default value is True.

Usage
Change this rule to False to prevent communication using ICQ on a BlackBerry device.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry® Enterprise Server version 3.6 SP6

Allow Public IM Services IT policy rule

Description
This rule specifies whether a user can use public instant messaging applications for BlackBerry® devices.

Default value

The default value is True.

Usage
Change this rule to False to prevent using public instant messaging services on a BlackBerry device.

This rule applies to all Research In Motion® public instant messaging services for BlackBerry devices that were released after the first availability of this rule. To prevent a user from using Yahoo!® Messenger for BlackBerry® smartphones version 1.0 on a BlackBerry device, configure the Allow Public Yahoo! Messenger Services IT policy rule.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry® Enterprise Server version 4.0 SP4

Allow Public WLM Services IT policy rule

Description
This rule specifies whether a user can use Windows Live™ Messenger on a BlackBerry® device.

Default setting
The default value is True.

Usage
Change this rule to False to prevent communication using Windows Live Messenger on a BlackBerry device.

Minimum requirements
• BlackBerry® Enterprise Server version 4.1 SP5

Allow Public Yahoo! Messenger Services IT policy rule

Description
This rule specifies whether a user can use Yahoo!® Messenger on a BlackBerry® device.

Default value
The default value is True.

Usage
Change this rule to False to prevent communication using Yahoo! Messenger on a BlackBerry device.

Minimum requirements
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Enterprise Server version 3.6 SP4

Allow T-Mobile Mobile Backup Contact Sync IT policy rule

Description
This rule specifies whether T-Mobile® Mobile Backup can run on a BlackBerry® device.

Default value
The default value is Disabled. A BlackBerry device user cannot synchronize contacts with the T-Mobile Mobile Backup.

Usage
Change this rule to Enabled to permit a BlackBerry device user to synchronize contacts with the T-Mobile Mobile Backup.

Change this rule to Faves to permit a BlackBerry device user to synchronize only the contacts that are included in the user's MyFaves plan with the T-Mobile Mobile Backup.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0

SIM Application Toolkit policy group

Disable Network Location Query IT policy rule

Description
This rule specifies whether to prevent a wireless network or SIM card from querying a BlackBerry® device for certain location-related information.

Default setting
The default setting is False.

Usage
The information that the SIM card can query is limited to the current wireless network and cell identities, BlackBerry device IMEI, date, time, and some measurement results.

Minimum requirements
• Java® based BlackBerry device
• S/MIME Support Package for BlackBerry® smartphones version 4.0
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 4.0 SP3

Disable SIM Call Control IT policy rule

Description
This rule specifies whether to prevent a SIM card from changing a call, a supplementary service request, or an SMS text message.

Default setting
The default setting is False.

Minimum requirements
• Java® based BlackBerry® device
• S/MIME Support Package for BlackBerry® smartphones version 4.0
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 4.0 SP3

Disable SIM Originated Calls IT policy rule

Description
This rule specifies whether to prevent a SIM card from making a call, performing a supplementary service operation, or sending an SMS text message.

Default setting
The default setting is False.

Minimum requirements
• Java® based BlackBerry® device
• S/MIME Support Package for BlackBerry® smartphones version 4.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 4.0 SP3

Smart Dialing policy group

The rules in the Smart Dialing policy group are obsolete in BlackBerry® Enterprise Server version 5.0 and later.

Instead, consider configuring the Restrict Incoming Cellular Calls rule and Restrict Outgoing Cellular Calls rule in the Firewall policy group.

Enable Smart Dialing Policy IT policy rule

Description
This rule specifies whether smart dialing for VoIP calls is available on a BlackBerry® device.

Default setting
The default setting is True.

Usage
This rule is obsolete in BlackBerry® Enterprise Server versions 4.1 SP4 and later and BlackBerry® Device Software versions 4.0.2 and later. Instead, consider configuring the Restrict Incoming Cellular Calls rule and Restrict Outgoing Cellular Calls rule in the Firewall policy group.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry Device Software version 4.0
• BlackBerry Enterprise Server version 4.0 SP1

Set Local Area Code IT policy rule

Description
This rule specifies the local area code for phone numbers.

Default value
The default value is a null value.

Usage
This rule is obsolete in BlackBerry® Enterprise Server versions 4.1 SP4 and later and BlackBerry® Device Software versions 4.0.2 and later. Instead, consider configuring the Restrict Incoming Cellular Calls rule and Restrict Outgoing Cellular Calls rule in the Firewall policy group.

Dependencies
A BlackBerry device uses this rule only if you configure the Enable Smart Dialing IT policy rule to True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry Device Software version 4.0
• BlackBerry Enterprise Server version 4.0 SP1


Set Local Country Code IT policy rule

Description
This rule specifies the local country code for phone numbers.

Default value
The default value is a null value.

Usage
This rule is obsolete in BlackBerry® Enterprise Server versions 4.1 SP4 and later and BlackBerry® Device Software versions 4.0.2 and later. Instead, consider configuring the Restrict Incoming Cellular Calls rule and Restrict Outgoing Cellular Calls rule in the Firewall policy group.

Dependencies
A BlackBerry device uses this rule only if you configure the Enable Smart Dialing IT policy rule to True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry Device Software version 4.0
• BlackBerry Enterprise Server version 4.0 SP1

Set National Number Length IT policy rule

Description
This rule specifies the length of the national phone number.

Default value
The default value is a null value.

Usage
This rule is obsolete in BlackBerry® Enterprise Server versions 4.1 SP4 and later and BlackBerry® Device Software versions 4.0.2 and later. Instead, consider configuring the Restrict Incoming Cellular Calls rule and Restrict Outgoing Cellular Calls rule in the Firewall policy group.

Dependencies
A BlackBerry device uses this rule only if you configure the Enable Smart Dialing IT policy rule to True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry Device Software version 4.0
• BlackBerry Enterprise Server version 4.0 SP1

Smart Dialing Allow Device Changes IT policy rule

Description
This rule specifies whether a BlackBerry® device user can change the smart dialing options.

Default value
The default value is True.

Usage
This rule is obsolete in BlackBerry® Enterprise Server versions 4.1 SP4 and later and BlackBerry® Device Software versions 4.2.2 and later. Instead, consider configuring the Restrict Incoming Cellular Calls rule and Restrict Outgoing Cellular Calls rule in the Firewall policy group.

Dependencies
A BlackBerry device uses this rule only if you configure the Enable Smart Dialing IT policy rule to True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry Device Software version 4.0
• BlackBerry Enterprise Server version 4.0 SP1

TCP policy group

TCP APN IT policy rule

Description
This rule specifies whether a default APN is required when a BlackBerry® device uses TCP. The length of this string is limited to 120 characters.

Default value
The default value is a null value.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

TCP Password IT policy rule

Description
This rule specifies whether a default APN password must be used when a BlackBerry® device uses TCP. The length of this string is limited to 32 characters.

Default value
The default value is a null value.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Enterprise Server version 4.0

TCP Username IT policy rule

Description
This rule specifies whether a default APN user name is required when a BlackBerry® device uses TCP. The length of this string is limited to 32 characters.

Default value
The default value is a null value.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0


TLS Application policy group

TLS Device Side Only IT policy rule

Description
This rule specifies whether a BlackBerry® device and the BlackBerry® Enterprise Server can use proxy mode TLS or proxy mode HTTPS.

Default value
The default value is False.

Usage
If you change this rule to True, all HTTPS connections must use TLS on the BlackBerry device.

If you change this rule and TLS is not available on the BlackBerry device, an exception occurs.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 4.0
• BlackBerry Enterprise Server version 4.0

TLS Disable Invalid Connection IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device from permitting TLS connections to servers that have invalid certificates.

Default value
The default value is Prompt user on BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6.1
• BlackBerry® Enterprise Server version 3.6


TLS Disable Untrusted Connection IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device from permitting TLS connections to untrusted servers.

Default value
The default value is Prompt user on BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6.1
• BlackBerry® Enterprise Server version 3.6

TLS Disable Weak Ciphers IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device from using weak algorithms over TLS connections.

Default value
The default value is Prompt user on BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6.1
• BlackBerry® Enterprise Server version 3.6

TLS Minimum Strong DH Key Length IT policy rule

Description
This rule specifies the minimum DH key size (in bits) to use over TLS connections. The permitted range is 512 through 4096 bits.

Default value
The default value on a BlackBerry® device is 1024 bits.

The default value on the BlackBerry® Enterprise Server is 512 bits.

Usage
If you configure the minimum key size on the BlackBerry Enterprise Server to be higher than the minimum key size on a BlackBerry device, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is less than the minimum key size on the BlackBerry Enterprise Server.

For example, when a user browses to a secure web site that uses a 512-bit DH key in its certificate, the BlackBerry device prompts the user to trust the web site. If the user trusts the web site and selects the Don't Ask Again option, the minimum key size on the BlackBerry device is configured to 512 bits. If you set the minimum key size on the BlackBerry Enterprise Server to 2048 bits, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is less than 2048 bits.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6.1
• BlackBerry Enterprise Server version 3.6

TLS Minimum Strong DSA Key Length IT policy rule

Description
This rule specifies the minimum DSA key size (in bits) to use over TLS connections. The permitted range is 512 through 1024 bits.

Default value
The default value on a BlackBerry® device is 1024 bits.

The default value on the BlackBerry® Enterprise Server is 512 bits.

Usage
If you configure the minimum key size on the BlackBerry Enterprise Server to be higher than the minimum key size on the BlackBerry device, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is less than the minimum key size on the BlackBerry Enterprise Server.

For example, when a user browses to a secure web site that uses a 512-bit DSA key in its certificate, the BlackBerry device prompts the user to trust the web site. If the user trusts the web site and selects the Don't Ask Again option, the minimum key size on the BlackBerry device is configured to 512 bits. If you configure the minimum key size on the BlackBerry Enterprise Server to 1024 bits, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is less than 1024 bits.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6.1
• BlackBerry Enterprise Server version 3.6 SP1


TLS Minimum Strong ECC Key Length IT policy rule

Description
This rule specifies the minimum ECC key size (in bits) to use over TLS connections. The permitted range is 160 through 571 bits.

Default value
The default value on a BlackBerry® device is 163 bits.

The default value on the BlackBerry® Enterprise Server is 160 bits.

Usage
If you configure the minimum key size on the BlackBerry Enterprise Server to be higher than the minimum key size on the BlackBerry device, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is less than the minimum key size on the BlackBerry Enterprise Server.

For example, when a user browses to a secure web site that uses a 160-bit ECC key in its certificate, the BlackBerry device prompts the user to trust the web site. If the user trusts the web site and selects the Don't Ask Again option, the minimum key size on the BlackBerry device is configured to 160 bits. If you configure the minimum key size on the BlackBerry Enterprise Server to 233 bits, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is less than 233 bits.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6.1
• BlackBerry Enterprise Server version 3.6

TLS Minimum Strong RSA Key Length IT policy rule

Description
This rule specifies the minimum RSA® key size (in bits) to use over TLS connections. The permitted range is 512 through 4096 bits.

Default value
The default value on the BlackBerry® device is 1000 bits.

The default value on the BlackBerry® Enterprise Server is 512 bits.

Usage
If you configure the minimum key size on the BlackBerry Enterprise Server to be higher than the minimum key size on the BlackBerry device, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is less than the minimum key size on the BlackBerry Enterprise Server.

For example, when a user browses to a secure web site that uses a 512-bit RSA key in its certificate, the BlackBerry device prompts the user to trust the web site. If the user trusts the web site and selects the Don't Ask Again option, the minimum key size on the BlackBerry device is configured to 512 bits. If you configure the minimum key size on the BlackBerry Enterprise Server to 2048 bits, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is less than 2048 bits.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6.1
• BlackBerry Enterprise Server version 3.6
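
The prompting behaviour described in the four TLS Minimum Strong Key Length rules (DH, DSA, ECC, RSA) can be modelled to predict which sites will trigger trust prompts once the server-side minimum is raised. This Python model is an added example, not part of the original guide and not BlackBerry code. The class and function names, the site inventory, and the reading that the higher of the two minimums decides whether a prompt appears are assumptions drawn from the Usage text.

```python
# Added example: models the prompt behaviour described in the four
# "TLS Minimum Strong <algorithm> Key Length" IT policy rules.
# Names and structure are hypothetical; this is not BlackBerry code.

# Permitted range and default values (in bits), copied from the rule text.
RULES = {
    "DH":  {"range": (512, 4096), "device": 1024, "bes": 512},
    "DSA": {"range": (512, 1024), "device": 1024, "bes": 512},
    "ECC": {"range": (160, 571),  "device": 163,  "bes": 160},
    "RSA": {"range": (512, 4096), "device": 1000, "bes": 512},
}


class TlsKeyLengthPolicy:
    """Tracks the device-side and server-side minimum for each algorithm."""

    def __init__(self):
        self.device_min = {alg: r["device"] for alg, r in RULES.items()}
        self.bes_min = {alg: r["bes"] for alg, r in RULES.items()}

    def set_bes_minimum(self, alg, bits):
        """Apply an administrator's value, rejecting out-of-range input."""
        low, high = RULES[alg]["range"]
        if not low <= bits <= high:
            raise ValueError(f"{alg} minimum must be {low}-{high} bits, got {bits}")
        self.bes_min[alg] = bits

    def effective_minimum(self, alg):
        # Assumption: the stricter (higher) of the two minimums decides
        # whether the device prompts, as the Usage examples imply.
        return max(self.device_min[alg], self.bes_min[alg])

    def needs_prompt(self, alg, key_bits):
        """True if the device would ask the user to trust the site."""
        return key_bits < self.effective_minimum(alg)

    def trust_site(self, alg, key_bits, dont_ask_again=False):
        """User accepts the prompt; Don't Ask Again lowers the device minimum."""
        if dont_ask_again and key_bits < self.device_min[alg]:
            self.device_min[alg] = key_bits


def sites_that_prompt(policy, sites):
    """Return the names of sites whose key is below the effective minimum."""
    return [name for name, alg, bits in sites if policy.needs_prompt(alg, bits)]


# Constructed inventory of (site, certificate key algorithm, key size in bits).
SAMPLE_SITES = [
    ("intranet.example", "RSA", 1024),
    ("wiki.example", "RSA", 2048),
    ("legacy.example", "RSA", 512),
    ("ecc.example", "ECC", 233),
]


def rsa_walkthrough():
    """Replay the RSA example from the Usage text, then audit the inventory."""
    policy = TlsKeyLengthPolicy()
    before = policy.needs_prompt("RSA", 512)        # 512 < device default 1000
    policy.trust_site("RSA", 512, dont_ask_again=True)
    after_trust = policy.needs_prompt("RSA", 512)   # both minimums are now 512
    policy.set_bes_minimum("RSA", 2048)             # administrator raises it
    after_policy = sites_that_prompt(policy, SAMPLE_SITES)
    return before, after_trust, after_policy


if __name__ == "__main__":
    print(rsa_walkthrough())
```

Running the audit against an inventory of internal sites before changing the rule shows which certificates need to be reissued to avoid user prompts.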

TLS Restrict FIPS Ciphers IT policy rule

Description
This rule specifies whether a BlackBerry® device can use an algorithm with TLS that is not FIPS-compliant.

Default value
The default value is False.

Usage
By default, if you configure the FIPS Level IT policy rule to Level 2, a BlackBerry device does not use this rule and uses only algorithms that are FIPS-compliant.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6.1
• BlackBerry® Enterprise Server version 3.6

Visual Voice Mail policy group

Allow Users to Save Messages IT policy rule

Description
This rule specifies whether a BlackBerry® device user can use visual voice mail to save or forward voice mail messages.

Default value
The default value is True.

Dependencies
If you want to permit a BlackBerry device user access to visual voice mail, you must change the Disable Visual Voice Mail IT policy rule to False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Connect™ version 4.5
• BlackBerry® Device Software version 4.5

Disable Visual Voice Mail IT policy rule

Description
This rule specifies whether to permit a BlackBerry® device user access to visual voice mail.

Default value
The default value is False.

Usage
Change this rule to True to prevent a BlackBerry device user from accessing visual voice mail.

Note: If a wireless service provider gives a BlackBerry device user access to visual voice mail, it might prevent the user from receiving standard voice mail notifications.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Connect™ version 4.5
• BlackBerry® Device Software version 4.5

Password Complexity IT policy rule

Description
This rule specifies the minimum password length that a BlackBerry® device user is required to type to access the TUI. The permitted range is 0 to 16 digits.

Default value
The default value is 4 digits.

Dependencies
If you configure this rule, you must change the Password Required IT policy rule to True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Connect™ version 4.5
• BlackBerry® Device Software version 4.5

Require password IT policy rule

Description
This rule specifies whether a BlackBerry® device user must type a password to access the TUI.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Connect™ version 4.5
• BlackBerry® Device Software version 4.5

VoIP policy group

Allow VoIP IT policy rule

Description
This rule specifies whether a user with a Wi-Fi® enabled BlackBerry® device can make VoIP calls.

Default value
The default value is True. VoIP is turned on.

Usage
This rule is made obsolete by BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

Disable VoIP User Profiles IT policy rule

Description
This rule specifies whether a user can create VoIP profiles on a BlackBerry® device.

Default value
The default value is False.

Usage
Change this rule to True to prevent a user from creating VoIP profiles on a BlackBerry device.

This rule is made obsolete by BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

SIP Authentication ID IT policy rule

Description
This rule specifies the SIP authentication ID that a BlackBerry® device uses to authenticate to your organization's SIP server.

Default value
The default value is a null value.

Usage
Specify a value only if your organization’s SIP server requires it.

This rule is made obsolete by BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

SIP Domain IT policy rule

Description
This rule specifies the SIP domain where the SIP user ID is valid.

Default value
The default value is a null value.

Usage
This rule is made obsolete by BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

SIP Local Port IT policy rule

Description
This rule specifies the network port number that a BlackBerry® device listens on for incoming SIP messages. The permitted range is 1 through 65535.

Default value
The default value is 5060.

Usage
This rule is made obsolete by BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

SIP Realm IT policy rule

Description
This rule specifies the name of the SIP domain or host that shares authentication information with your organization's SIP server.

Default value
The default value is a null value.

Usage
Configure this rule to specify a name for a SIP domain or host. The SIP realm value on a BlackBerry® device must be the same as the SIP realm value that you specified on the SIP server.

This rule is made obsolete by BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1


SIP Registration Timeout IT policy rule

Description
This rule specifies the time, in minutes, that can elapse before the SIP registration process expires. The permitted range is 1 through 65535 minutes.

Default value
The default value is 25 minutes.

Usage
This rule is made obsolete by BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

SIP RTP Media Port IT policy rule

Description
This rule specifies the port number that a BlackBerry® device uses for outgoing RTP media streams. The permitted range is 1 through 65535.

Default value
The default value is 51100.

Usage
This rule is made obsolete by BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

SIP Server Name IT policy rule

Description
This rule specifies the name or IP address of your organization's SIP proxy server.

Default value
The default value is a null value.

Usage
This rule is made obsolete by BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

SIP Server Port IT policy rule

Description
This rule specifies the port number on your organization's SIP proxy server that the SIP proxy server uses to make network connections. The permitted range is 0 to 65536.

Default value
The default value is 5060.

Usage
Change this rule only if the port number that the SIP proxy server uses is not 5060.

This rule is made obsolete by BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

SIP Server Transport IT policy rule

Description
This rule specifies the transport protocol that your organization's SIP server uses.

Default value
The default value is UDP.

Usage
Change this rule only if the transport protocol is not UDP.

This rule is made obsolete by BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

SIP Server Type IT policy rule

Description
This rule specifies the type of SIP proxy server that a BlackBerry® device can connect to.

Default value
The default value is Generic SIP.

Usage
Change this rule only if the SIP proxy server is not generic.

This rule is made obsolete by BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

SIP User Display Name IT policy rule

Description
This rule specifies the user name that your organization's SIP server displays when it sends a user’s SIP address to a BlackBerry® device.

Default value
The default value is a null value.

Usage
Configure this rule if you want to specify a default value for all users.

This rule is made obsolete by BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1


SIP User ID IT policy rule

Description
This rule specifies the SIP user ID that a BlackBerry® device uses to register with your organization's SIP proxy server.

Default value
The default value is a null value.

Usage
Configure this rule if you want to configure a default value for all users.

If a user types an SIP user ID on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user typed. To retain the value on the BlackBerry device, verify that the updated IT policy uses the same value as this rule.

This rule is made obsolete by BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

SIP User Password IT policy

Description
This rule specifies the SIP user password that a BlackBerry® device uses to authenticate to your organization's SIP proxy server.

Default value
The default value is a null value.

Usage
Configure this rule if you want to configure a default value for all users.

If the user types an SIP user password on a BlackBerry device manually, IT policy updates overwrite or delete the value. To retain the value on the BlackBerry device, verify that the updated IT policy uses the same value as this rule.

This rule is made obsolete by BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1


VoIP Allow BlackBerry Device Changes IT policy rule

Description
This rule specifies whether a user can change SIP and VoIP settings on a BlackBerry® device for remote troubleshooting purposes.

Default value
The default value is True.

Usage
This rule is made obsolete by BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

VoIP Emergency Number IT policy rule

Description
This rule specifies the emergency number that a BlackBerry® device can use on your organization’s network.

Default value
The default value is 911.

Usage
Two versions of this rule are available. Refer to the descriptions in the BlackBerry Administration Service to determine which version of this rule is the appropriate version for the BlackBerry devices in your organization. One version of the rule is valid for Java® versions 4.0.0 to 4.0.1.90 only and you must configure it as an integer. The other version of the rule is valid for Java versions 4.0.1 or later and you must configure it as a string.

This rule is made obsolete by BlackBerry® Mobile Voice System.

Minimum requirements
• Java based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

VoIP Enable Attended Call Transfer IT policy rule

Description
This setting specifies whether a user can perform an attended transfer of a VoIP call (where the original call does not end until the user that transfers the call dials the transfer number and clicks Complete Transfer) on a BlackBerry® device.

Default value
The default value is True.

Usage
To use this feature, verify that your organization’s PBX permits phones to transfer VoIP calls.

This rule is made obsolete by BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.1
• BlackBerry® Enterprise Server version 4.0 SP1

VoIP Enable Call Hold IT policy rule

Description
This rule specifies whether a user can place a VoIP call on hold on a BlackBerry® device.

Default value
The default value is True.

This rule is made obsolete by BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.1
• BlackBerry® Enterprise Server version 4.0 SP1

VoIP Enable Unattended Call Transfer IT policy rule

Description
This rule specifies whether a user can perform an unattended transfer to a VoIP call (where the original call ends automatically when the user that transfers the call dials the transfer number) on a BlackBerry® device.

Default value
The default value is True.

Usage
To use this feature, verify that your organization’s PBX permits phones to transfer VoIP calls.

This rule is made obsolete by BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.1
• BlackBerry® Enterprise Server version 4.0 SP1

VPN policy group

Disable VPN User Profiles IT policy rule

Description
This rule specifies whether a user can create VPN profiles on a BlackBerry® device.

Default value
The default value is False.

Usage
Change this rule to True to prevent a user from creating VPN profiles on a BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

Enable VPN IT policy rule

Description
This rule specifies whether the VPN client on a BlackBerry® device is turned on.

Default value
The default value is False. A BlackBerry device might not be able to use a Wi-Fi® network that requires VPN access, or it might require an alternative form of access control.

Usage
Change this rule to True to require that a BlackBerry device use a VPN server to access a Wi-Fi network.

This rule is obsolete in BlackBerry® Enterprise Server version 4.1 SP3 and later.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry Enterprise Server version 4.0 SP1

Use VPN Xauth IT policy rule

Description
This rule specifies whether a VPN client on a BlackBerry® device should use Xauth certificates to authenticate to your organization's VPN gateway.

Default value
The default value is False.

Dependencies
You must change the Enable VPN IT policy rule to True so that a BlackBerry device can use this rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

VPN Allow Handheld Changes IT policy rule

Description
This rule specifies whether a user can change all VPN IT policy rules on a BlackBerry® device.

Default value
The default value is True.

Usage
If you change this rule to False, the user can continue to change the VPN user name and VPN password on the BlackBerry device.

This rule is obsolete in BlackBerry® Enterprise Server version 4.1 SP3 and later.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry Enterprise Server version 4.0 SP1

VPN Allow Password Save IT policy rule

Description
This rule specifies whether a user can save a VPN password on a BlackBerry® device.

Default value
The default value is True.

Usage
If you change this rule to False (password not saved), the user must type a VPN password each time that the BlackBerry device connects to the VPN concentrator.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

VPN Disable Prompt for Credentials Re-Entry IT policy rule

Description
This rule specifies whether a BlackBerry® device turns off the prompt for a user to type the VPN credentials after the user tries to authenticate to the VPN server but is not successful.

Default value
The default value is False.

Usage
Change this rule to True if you do not want a BlackBerry device to prompt a user to type VPN credentials after authentication is not successful.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

VPN DNS Configuration IT policy rule

Description
This rule specifies your organization's VPN DNS configuration.

Default value
The default value is True. A BlackBerry® device retrieves DNS settings from the VPN gateway.

Usage
To require that a BlackBerry device use the static settings that are specified in the VPN Primary DNS IT policy rule, VPN Secondary DNS IT policy rule, and VPN Domain Name IT policy rule, change this rule to False.

Dependencies
You must configure the Enable VPN IT policy rule to True so that a BlackBerry device can use this rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

VPN Domain Name IT policy rule

Description
This rule specifies the suffix for your organization's domain name using the FQDN format.

Default value
The default value is a null value.

Dependencies
You must configure the Enable VPN IT policy rule to True and the VPN DNS Configuration IT policy rule to False so that a BlackBerry® device can use this rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

VPN Gateway Address IT policy rule

Description
This rule specifies the IP address or FQDN of your organization's VPN server.

Default value
The default value is a null value.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1


VPN Group Name IT policy rule

Description
This rule specifies the group name of your organization's VPN server.

Default value
The default value is a null value.

Usage
Specify the group name of your organization's VPN server only if the type of VPN client requires it.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

VPN Group Password IT policy rule

Description
This rule specifies the group password for your organization's VPN server.

Default value
The default value is a null value.

Usage
Specify the group password for your organization's VPN server only if the type of VPN client requires it.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

VPN IKE Cipher IT policy rule

Description
This rule specifies the encryption algorithm that a BlackBerry® device uses to authenticate the IKE exchanges.

Default value
The default value is AES-128.

Usage
Change the value only if the encryption algorithm does not support AES-128.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

VPN IKE DH Group IT policy rule

Description
This rule specifies the DH group that a BlackBerry® device uses to generate key material.

Default value
The default value is Group 7 (elliptic curve cryptography).

Usage
Change the value only if the DH group does not use ECC.

Dependencies
You must configure the Enable VPN IT policy rule to True so that a BlackBerry device can use this rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

VPN IKE Hash IT policy rule

Description
This rule specifies the hash method authentication code that a BlackBerry® device can use.

Default value
The default value is SHA-1 (160 bits).

Usage
Change the value only if the hash method authentication code does not support SHA-1 (160 bits).

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1


VPN IPSec Cipher and Hash IT policy rule

Description
This rule specifies the encryption algorithm and hash that a BlackBerry® device uses for IPSec Security Associations.

Default value
The default value is SHA-1 Hash and AES-128 Cipher.

Usage
Change the value only if the IPSec cipher and hash are not AES-128 and SHA-1.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

VPN Minimal Certificate Encryption Key Security Level IT policy rule

Description
This rule specifies the minimum security level for private keys that a BlackBerry® device uses for authentication methods that require client certificates.

Default value
The default value is Low security. A BlackBerry device prompts the user only once for the key store password. The BlackBerry device retrieves and stores, in unencrypted format, the private key with the VPN profile.

Usage
If you change this rule to High security, a BlackBerry device always prompts the user for the key store password when the BlackBerry device requires access to the private key. This might happen frequently, even if the user typed the password recently. Private keys are not stored with the VPN profile.

If you change this rule to Medium security, a BlackBerry device prompts the user for the key store password the first time only and, from that point forward, only prompts the user again after the user resets the BlackBerry device. Private keys are cached in memory but are not stored with the VPN profile.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.2
• BlackBerry® Enterprise Server version 4.1 SP4


VPN NAT Keep Alive IT policy rule

Description
This rule specifies the NAT keep-alive frequency.

Default value
The default value is 1 minute.

Usage
Specify the interval, in minutes, after which a BlackBerry® device sends a keep-alive packet to the VPN concentrator to maintain the connection to the VPN concentrator. The permitted range is 1 to 1439 minutes.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

VPN Password Hidden on Input IT policy rule

Description
This rule specifies whether a BlackBerry® device displays asterisks (*) instead of characters when the user types the VPN password.

Default value
The default value is False.

Usage
Change this rule to True to hide the VPN password as the user types it.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

VPN PFS IT policy rule

Description
This rule specifies whether Perfect Forward Secrecy is turned on for a BlackBerry® device.

Default value
The default value is True.

Usage
Change the value only if your organization does not support Perfect Forward Secrecy.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

VPN Primary DNS IT policy rule

Description
This rule specifies the static setting for the IP address of your organization's primary DNS server.

Default value
The default value is a null value.

Dependencies
You must change the Enable VPN IT policy rule to True and the VPN DNS Configuration IT policy rule to False so that a BlackBerry® device can use this rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

VPN Secondary DNS IT policy rule

Description
This rule specifies the static setting for the IP address of your organization's secondary DNS server.

Default value
The default value is a null value.

Dependencies
You must change the Enable VPN IT policy rule to True and the VPN DNS Configuration IT policy rule to False so that a BlackBerry® device can use this rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

VPN User Name IT policy rule

Description
This rule specifies the default user name that a BlackBerry® device uses to log in to your organization's VPN server.

Default value
The default value is a null value.

Usage
Specify a value for this rule if you want to configure a default user name for all user accounts.

If a user types a user name on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user typed. To retain the value on the BlackBerry device, verify that the updated rule uses the same value as this rule.

Dependencies
You must change the Enable VPN IT policy rule to True so that a BlackBerry device can use this rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

VPN User Password IT policy rule

Description
This rule specifies the default password that a BlackBerry® device uses to log in to your organization's VPN server.

Default value
The default value is a null value.

Usage
Specify a value for this rule if you want to configure a default password for all user accounts.

If a user types a password on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user typed. To retain the value on the BlackBerry device, verify that the updated rule uses the same value as this rule.

Dependencies
You must change the Enable VPN IT policy rule to True so that a BlackBerry device can use this rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

VPN Vendor Type IT policy rule

Description
This rule specifies the type of VPN client that the VPN client on a BlackBerry® device emulates.

Default value
The default value is a null value.

Dependencies
You must change the Enable VPN IT policy rule to True so that a BlackBerry device can use this rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

VPN Xauth Type IT policy rule

Description
This rule specifies the type of user-level authentication that your organization's VPN server uses.

Default value
The default value is User name and password required.

Dependencies
You must change the Enable VPN IT policy rule to True so that a BlackBerry® device can use this rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1
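The following is an added example, not part of the BlackBerry guide and not BlackBerry code. It audits a VPN policy group against the defaults and Dependencies entries listed above, reporting rules that are set but cannot take effect and settings that leave credentials or keys exposed on the device. The dict representation of a policy, the function names and the sample policy are assumptions made for illustration.

```python
# Added example: audit a VPN policy group against the guide's defaults and
# "Dependencies" entries. The dict representation and function names are
# assumptions for illustration, not a BlackBerry Enterprise Server format or API.

KEY_LEVEL = "VPN Minimal Certificate Encryption Key Security Level"

# Defaults as stated in the rule descriptions (None stands for "null value").
DEFAULTS = {
    "Enable VPN": False,
    "VPN DNS Configuration": True,   # True: DNS settings come from the VPN gateway
    "VPN Allow Password Save": True,
    "VPN Password Hidden on Input": False,
    "VPN PFS": True,
    KEY_LEVEL: "Low security",
    "VPN Primary DNS": None,
    "VPN User Password": None,
}

# rule -> {prerequisite rule: required value}, taken from each Dependencies entry.
VPN_ON = {"Enable VPN": True}
STATIC_DNS = {"Enable VPN": True, "VPN DNS Configuration": False}
DEPENDENCIES = {
    "Use VPN Xauth": VPN_ON,
    "VPN DNS Configuration": VPN_ON,
    "VPN IKE DH Group": VPN_ON,
    "VPN User Name": VPN_ON,
    "VPN User Password": VPN_ON,
    "VPN Vendor Type": VPN_ON,
    "VPN Xauth Type": VPN_ON,
    "VPN Domain Name": STATIC_DNS,
    "VPN Primary DNS": STATIC_DNS,
    "VPN Secondary DNS": STATIC_DNS,
}


def resolve(policy):
    """Return the effective values: guide defaults overlaid with the admin's settings."""
    effective = dict(DEFAULTS)
    effective.update(policy)
    return effective


def ineffective_rules(policy):
    """Map each explicitly set rule to the prerequisites that are not met."""
    effective = resolve(policy)
    unmet = {}
    for rule, needs in DEPENDENCIES.items():
        if rule not in policy:
            continue  # only report rules the administrator actually set
        missing = [f"{dep} must be {want}" for dep, want in needs.items()
                   if effective.get(dep) != want]
        if missing:
            unmet[rule] = missing
    return unmet


def exposure_findings(policy):
    """List (rule, reason) pairs for settings the guide describes as less protective."""
    eff = resolve(policy)
    findings = []
    if eff[KEY_LEVEL] == "Low security":
        findings.append((KEY_LEVEL, "private key is stored unencrypted with the VPN profile"))
    if eff["VPN Allow Password Save"]:
        findings.append(("VPN Allow Password Save", "user can save the VPN password on the device"))
    if eff["VPN User Password"] is not None:
        findings.append(("VPN User Password", "one default password is configured for all user accounts"))
    if not eff["VPN PFS"]:
        findings.append(("VPN PFS", "Perfect Forward Secrecy is turned off"))
    if not eff["VPN Password Hidden on Input"]:
        findings.append(("VPN Password Hidden on Input", "password characters are displayed as typed"))
    # Consistency check: static DNS selected but no primary server supplied.
    if eff["Enable VPN"] and eff["VPN DNS Configuration"] is False and eff["VPN Primary DNS"] is None:
        findings.append(("VPN Primary DNS", "static DNS is selected but no primary DNS server is set"))
    return findings


# Constructed sample policy (not taken from any real deployment).
SAMPLE_POLICY = {
    "Enable VPN": False,
    "Use VPN Xauth": True,
    "VPN DNS Configuration": False,
    "VPN Primary DNS": "10.0.0.53",
    "VPN User Password": "example-only",
    "VPN PFS": False,
}

if __name__ == "__main__":
    for rule, reasons in ineffective_rules(SAMPLE_POLICY).items():
        print(f"[no effect] {rule}: {'; '.join(reasons)}")
    for rule, reason in exposure_findings(SAMPLE_POLICY):
        print(f"[exposure]  {rule}: {reason}")
```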

Wi-Fi policy group

The previous name of this policy group was WLAN policy group.

BlackBerry Infrastructure Wi-Fi Access Mode IT policy rule

Description
This rule specifies whether a Wi-Fi® enabled BlackBerry® device can connect to the BlackBerry® Infrastructure over a Wi-Fi network to access the BlackBerry® Enterprise Server or BlackBerry® Internet Service.

The previous name of this rule was BlackBerry Infrastructure WLAN Access Mode.

Default value
The default value is Access does not require VPN. A BlackBerry device can bypass an active VPN connection when the BlackBerry device connects to the BlackBerry Infrastructure over a Wi-Fi network.

Usage
You can select one of the following options to configure when a BlackBerry device can connect to the BlackBerry Infrastructure over a Wi-Fi network:
• If you want a BlackBerry device to always use a VPN connection when the BlackBerry device connects to the BlackBerry Infrastructure over a Wi-Fi network, you can select the Access requires VPN option. You can select this option if you want to enforce the additional security that a VPN connection provides.
• If you do not want a BlackBerry device to connect to the BlackBerry Infrastructure over a Wi-Fi network, you can select the Access disabled option.

Dependencies
You can override this rule using the related Wi-Fi configuration setting that is named Wi-Fi BlackBerry Infrastructure Wi-Fi access mode. You can use this setting to configure the access mode for a specific Wi-Fi network, and this rule to configure the access mode for other Wi-Fi networks.

If you turn off access to the BlackBerry Infrastructure over the Wi-Fi network using this rule, you cannot override this rule using the configuration setting.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry Enterprise Server version 5.0

Blocked Wi-Fi SSIDs IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device user from adding Wi-Fi® profiles for SSIDs that you specify to a BlackBerry device.

The previous name of this rule was Blocked WLAN SSIDs.

Default value
The default value is a null value.

Usage
Specify a list of Wi-Fi SSIDs, separated by commas (,), that you do not want a BlackBerry device to associate with.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0

Disable GAN-Only Mode IT policy rule

Description
This rule specifies whether a user can select the GAN-only mode from the list of GAN selection modes on a BlackBerry® device.

Default value
The default value is False.

Usage
Change this rule to True to prevent a user from using the GAN-only mode on a BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

Disable GAN-Preferred Mode IT policy rule

Description
This rule specifies whether a user can select the GAN-preferred mode from the list of GAN selection modes on a BlackBerry® device.

Default value
The default value is False.

Usage
Change this rule to True to prevent a user from using the GAN-preferred mode on a BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3


Disable GAN Selection Mode Editing IT policy rule

Description
This rule specifies whether a user can change the GAN selection mode on a BlackBerry® device.

Default value
The default value is False.

Usage
Change this rule to True to prevent a user from changing the GAN selection mode on a BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

Disable WAN-Only Mode IT policy rule

Description
This rule specifies whether a user can select the WAN-only mode from the list of GAN selection modes on a BlackBerry® device.

Default value
The default value is False.

Usage
Change this rule to True to prevent a user from using the WAN-only mode on a BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

Disable WAN-Preferred Mode IT policy rule

Description
This rule specifies whether a user can select the WAN-preferred mode from the list of GAN selection modes on a BlackBerry® device.

Default value
The default value is False.

Usage
Change this rule to True to prevent a user from using the WAN-preferred mode on a BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

Disable Wi-Fi IT policy rule

Description
This rule specifies whether a user can access a Wi-Fi® network from a Wi-Fi enabled BlackBerry® device.

The previous name of this rule was Disable WLAN.

Default value
The default value is False.

Usage
Change this rule to True to prevent a user from accessing a Wi-Fi network from the BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

Disable Wi-Fi Direct Access to BlackBerry Enterprise Server IT policy rule

Description
This rule specifies whether a BlackBerry® device can connect to the BlackBerry® Enterprise Server using a Wi-Fi® connection.

The previous name of this rule was Disable WLAN Direct Access to BlackBerry Enterprise Server.

Default value
The default value is a null value. The default value might vary depending on which mobile network provider a BlackBerry device is using.

Usage
Configure this rule to True to deny a BlackBerry device access to the BlackBerry Enterprise Server over a Wi-Fi network.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry Enterprise Server version 4.1 SP3

Disable Wi-Fi User Profiles IT policy rule

Description
This rule specifies whether a user can create Wi-Fi® profiles on a BlackBerry® device.

The previous name of this rule was Disable WLAN User Profiles.

Default value
The default value is False.

Usage
Change this rule to True to prevent a user from creating Wi-Fi profiles on a BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

GAN Signal Quality Threshold IT policy rule

Description
This rule specifies the signal quality threshold that a BlackBerry® device uses for handover from the WAN to the GAN.

Default value
The default value is a null value. A BlackBerry device chooses a suitable value. This value might be specified by the mobile network provider.

Usage
In WAN-preferred mode, if the signal quality drops below the threshold, a BlackBerry device tries a handover to the GAN, if possible. The signal quality is related to the bit error rate and is described in the 3GPP® 5.08 8.2.4 specification as follows:
• 0: good quality
• 7: worst quality

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3


GAN Signal Strength Threshold IT policy rule

Description
This rule specifies the signal strength threshold that a BlackBerry® device can use to rove in from the WAN to the GAN.

Default value
The default value is a null value. A BlackBerry device chooses a suitable value. This value might be specified by the mobile network provider.

Usage
In the WAN-preferred mode, if the signal strength of the serving cell drops below the value that you specify, a BlackBerry device uses the GAN cell if one is available.

This value is specified in Received Signal Level units, as described in the 3GPP® 5.08 8.1.4 specification:
• 0: -111 dBm
• 63: -48 dBm

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

GAN Wi-Fi Threshold IT policy rule

Description
This rule specifies the threshold for the Wi-Fi® signal quality when a BlackBerry® device changes from the GAN to the WAN. If the Wi-Fi signal quality drops below the threshold in the GAN-preferred mode and an acceptable cell is available, the BlackBerry device tries to change from the GAN to the WAN.

The previous name of this rule was GAN WLAN Threshold.

Default value
The default value is a null value. A BlackBerry device chooses an appropriate value. This value might be specified by the mobile network provider.

Usage
If you choose Low, a BlackBerry device uses the GAN mode unless the Wi-Fi signal quality is very low.

If you choose Medium, a BlackBerry device uses the GAN mode if the Wi-Fi signal quality is high or medium.

If you choose High, a BlackBerry device uses the GAN mode only if the Wi-Fi signal quality is high.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

Wi-Fi Allow Handheld Changes IT policy rule

Description
This rule specifies whether users can change all Wi-Fi® policy rules on their BlackBerry® devices.

The previous name of this rule was WLAN Allow Handheld Changes.

Default values
The default value in the Default IT policy is True.

The default value in all other preconfigured IT policies is False.

Usage
Change this rule to False to permit users to change only the user-specific Wi-Fi policy rules on a BlackBerry device. User-specific Wi-Fi policy rules are Wi-Fi User Name IT policy rule and Wi-Fi User Password IT policy rule.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi Default Gateway IT policy rule

Description
This rule specifies the default gateway in IP address format (for example, 10.0.0.1) that a BlackBerry® device can use if DHCP on the BlackBerry device is turned off.

The previous name of this rule was WLAN Default Gateway.

Default value
The default value is a null value.

Usage
A BlackBerry device uses this rule only if you change the value for the Wi-Fi® DHCP Configuration IT policy rule to False.

Dependencies
If you configure the value for the Wi-Fi DHCP Configuration IT policy rule to True, do not change the value for this rule to True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi Default KEY ID IT policy rule

Description
This rule specifies the default WEP key ID. The permitted range is 1 to 4.

The previous name of this rule was WLAN Default KEY ID.

Default value
The default value is 1.

Usage
Verify that the WEP key ID matches the WEP access point ID and the corresponding WEP key.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi DHCP Configuration IT policy rule

Description
This rule specifies whether your organization uses DHCP for dynamic network configuration.

The previous name of this rule was WLAN DHCP Configuration.

Default value
The default value is True. DHCP is turned on.

Usage
If you use a Wi-Fi® network that includes subnets, turn on DHCP to permit roaming between subnets.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi Disable Prompt for Credentials Re-Entry IT policy rule

Description
This rule specifies whether a BlackBerry® device turns off the prompt for a user to re-enter the Wi-Fi® credentials after authentication is not successful.

The previous name of this rule was WLAN Disable Prompt for Credentials Re-Entry.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

Wi-Fi Enable Authentication Page IT policy rule

Description
This rule specifies whether the Wi-Fi® Login browser is available on a BlackBerry® 7270 smartphone.

The previous name of this rule was WLAN Enable Authentication Page.

Default value
The default value is False.

Usage
Change this rule to True to permit a user to log in to a captive portal using a BlackBerry device.

This rule is obsolete in BlackBerry® Enterprise Server version 4.1 SP4 and later.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi IP Address IT policy rule

Description
This rule specifies the IP address (for example, 10.0.0.1) that a BlackBerry® device can use if DHCP on the BlackBerry device is turned off.

The previous name of this rule was WLAN IP Address.

Default value
The default value is a null value.

Usage
A BlackBerry device uses this rule only if you change the Wi-Fi® DHCP Configuration IT policy rule to False.

Dependencies
If you change the Wi-Fi DHCP Configuration IT policy rule to True, do not change this rule to True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi Link Security IT policy rule

Description
This rule specifies the type of security (for example, Open Wi-Fi® security, WEP, PSK, EAP-PEAP, EAP-LEAP, or EAP-TLS) that a BlackBerry® device requires to access a Wi-Fi® network.

The previous name of this rule was WLAN Link Security.

Default value
The default value is Open Wi-Fi security.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi Minimal EAP-TLS Certificate Encryption Key Security Level IT policy rule

Description
This rule specifies the minimum security level for a private key that an EAP authentication method (for example, EAP-TLS) uses with a client certificate.

The previous name of this rule was WLAN Minimal EAP-TLS Certificate Encryption Key Security Level.

Default value
The default value is Low security. A BlackBerry® device prompts a user only once for the key store password so that the BlackBerry device can retrieve the private key and encrypt messages. The BlackBerry device stores the unencrypted private key with the Wi-Fi® profile.

Usage
If you change the value to Medium security, the BlackBerry device prompts a user only once for the key store password so that the BlackBerry device can retrieve the private key and encrypt messages. After the BlackBerry device retrieves the private key, the BlackBerry device only retrieves the private key again after the user resets the BlackBerry device. The BlackBerry device caches the private key in memory but does not store it with the Wi-Fi profile.

If you change the value to High security, the BlackBerry device always prompts the user for the key store password when it accesses the private key and encrypts messages. The BlackBerry device does not store the unencrypted private key with the Wi-Fi profile.

This rule is obsolete in BlackBerry® Enterprise Server version 4.1 SP4 and later.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi Password Hidden on Input IT policy rule

Description
This rule specifies whether the password for Wi-Fi® authentication is represented by asterisks (*) as the user types it.

The previous name of this rule was WLAN Password Hidden on Input.

Default value
The default value is False. A BlackBerry® device displays the characters that the user types.

Usage
Change this rule to True to mask the password that the user types.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

Wi-Fi Preshared Key IT policy rule

Description
This rule specifies the PSK if your organization uses PSK to authenticate to a Wi-Fi® network.

The previous name of this rule was WLAN Preshared Key.

Default value
The default value is a null value.

Dependencies
A BlackBerry® device uses this rule only if you configure the Wi-Fi Link Security IT policy rule to PSK.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi Primary DNS IT policy rule

Description
This rule specifies the primary DNS in IP address format (for example, 10.0.0.1) that a BlackBerry® device can use if DHCP on the BlackBerry device is turned off.

The previous name of this rule was WLAN Primary DNS.

Default value
The default value is a null value.

Usage
A BlackBerry device uses this rule only if you change the Wi-Fi® DHCP Configuration IT policy rule to False.

Dependencies
If you change the Wi-Fi DHCP Configuration IT policy rule to True, do not change this rule to True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi Profile Forwarding Mode IT policy rule

Description
This rule specifies whether a user can forward the Wi-Fi® profiles that the user creates on a BlackBerry® device to another BlackBerry device using an email message, PIN message, SMS text message, or BlackBerry® Messenger message, with or without a password.

The previous name of this rule was WLAN profile forwarding mode.

Default value

The default value is Enabled.

Usage
You cannot resend an IT policy to forward Wi-Fi profiles.

Dependencies
A user can forward a Wi-Fi profile using a PIN message only if you change the Allow Peer-to-Peer Messages IT policy rule to True, and the Firewall Block Incoming Messages IT policy rule does not prevent the BlackBerry device from processing PIN messages.

A user can forward a Wi-Fi profile using an SMS text message only if you change the Allow SMS IT policy rule to True, and the Firewall Block Incoming Messages IT policy rule does not prevent the BlackBerry device from processing SMS text messages.

A user can forward a Wi-Fi profile using BlackBerry Messenger only if you change the Disable BlackBerry Messenger IT policy rule to False, and the Firewall Block Incoming Messages IT policy rule does not prevent the BlackBerry device from processing SMS messages.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0
• BlackBerry® Smart Card Reader version 2.0

Wi-Fi Secondary DNS IT policy rule

Description
This rule specifies the secondary DNS in IP address format (for example, 10.0.0.1) that a BlackBerry® device can use if DHCP on the BlackBerry device is turned off.

The previous name of this rule was WLAN Secondary DNS.

Default value
The default value is a null value.

Usage
A BlackBerry device uses this rule only if you change the Wi-Fi® DHCP Configuration IT policy rule to False.

Dependencies
If you change the Wi-Fi DHCP Configuration IT policy rule to True, do not change this rule to True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi SSID IT policy rule

Description
This rule specifies the network name of the Wi-Fi® network and its wireless access points. The SSID is case-sensitive.

The previous name of this rule was WLAN SSID.

Default value
The default value is a null value.

Usage
You must change the value before a BlackBerry® device can access the Wi-Fi network.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi Subnet Mask IT policy rule

Description
This rule specifies the subnet mask in IP address format (for example, 10.0.0.1) that a BlackBerry® device can use if DHCP on the BlackBerry device is turned off.

The previous name of this rule was WLAN Subnet Mask.

Default value
The default value is a null value.

Usage
A BlackBerry device uses this rule only if you change the Wi-Fi® DHCP Configuration IT policy rule to False.

Dependencies
If you change the Wi-Fi DHCP Configuration IT policy rule to True, do not change this rule to True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi User Name IT policy rule

Description
This rule specifies the user name for PEAP or LEAP security access on a BlackBerry® device.

The previous name of this rule was WLAN User Name.

Default value
The default value is a null value.

Usage
Configure a value if you want to create a default value for all users.

If a user types a user name on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user types. To retain the value that the user specifies on the BlackBerry device, verify that the updated IT policy uses the same value as the IT policy on the BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi User Password IT policy rule

Description
This rule specifies the password for PEAP or LEAP security access on a BlackBerry® device.

The previous name of this rule was WLAN User Password.

Default value
The default value is a null value.

Usage
Configure a value if you want to create a default value for all users.

If a user types a password on a BlackBerry device manually, any IT policy updates overwrite or delete the value that the user types. To retain the value that the user specifies on the BlackBerry device, verify that the updated IT policy uses the same value as the IT policy on the BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi WEP Key 1 IT policy rule

Description
This rule specifies the password for WEP key 1 using the format xx:xx:xx:xx:xx.

The previous name of this rule was WLAN WEP Key 1.

Default value
The default value is a null value.

Usage
Valid values are either 5 or 13 pairs of hexadecimal digits (0 to 9 and A to F) separated by a colon (for example, AB:CD:EF:01:23 or AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23).

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi WEP Key 2 IT policy rule

Description
This rule specifies the password for WEP key 2 using the format xx:xx:xx:xx:xx.

The previous name of this rule was WLAN WEP Key 2.

Default value
The default value is a null value.

Usage
Valid values are either 5 or 13 pairs of hexadecimal digits (0 to 9 and A to F) separated by a colon (for example, AB:CD:EF:01:23 or AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23).

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi WEP Key 3 IT policy rule

Description

This rule specifies the password for WEP key 3 using the format xx:xx:xx:xx:xx.

The previous name of this rule was WLAN WEP Key 3.

Default value
The default value is a null value.

Usage
Valid values are either 5 or 13 pairs of hexadecimal digits (0 to 9 and A to F) separated by a colon (for example, AB:CD:EF:01:23 or AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23).

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi WEP Key 4 IT policy rule

Description
This rule specifies the password for WEP key 4 using the format xx:xx:xx:xx:xx.

The previous name of this rule was WLAN WEP Key 4.

Default value
The default value is a null value.

Usage
Valid values are either 5 or 13 pairs of hexadecimal digits (0 to 9 and A to F) separated by a colon (for example, AB:CD:EF:01:23 or AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23).

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0 SP1
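
The value formats and dependencies stated in the Wi-Fi rules above can be checked mechanically before a policy is sent to devices. The following Python linter is an added example, not part of the BlackBerry documentation or product. The dictionary keyed by rule name and the sample values (including PEAP as a Wi-Fi Link Security value) are constructed for illustration, and rejecting lowercase hex digits follows the "A to F" wording of the WEP key rules.

```python
import ipaddress
import re

# 5 or 13 colon-separated pairs of hexadecimal digits (0-9, A-F), as the
# Wi-Fi WEP Key 1-4 rules state. Lowercase is rejected because the guide
# lists only A to F (assumption; relax it if your server accepts lowercase).
WEP_KEY_RE = re.compile(r"[0-9A-F]{2}(?::[0-9A-F]{2}){4}(?:(?::[0-9A-F]{2}){8})?")

# Rules the device uses only when Wi-Fi DHCP Configuration is False.
STATIC_IP_RULES = ("Wi-Fi Primary DNS", "Wi-Fi Secondary DNS", "Wi-Fi Subnet Mask")


def wep_key_bits(value):
    """Return the WEP secret length in bits (40 or 104), or None if malformed."""
    if not isinstance(value, str) or not WEP_KEY_RE.fullmatch(value):
        return None
    return 8 * len(value.split(":"))


def is_ip_format(value):
    """True if value is a string in IP address format, for example 10.0.0.1."""
    if not isinstance(value, str):
        return False
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def lint_wifi_policy(policy):
    """Return (rule name, finding) tuples for a Wi-Fi policy group dictionary."""
    findings = []

    if not policy.get("Wi-Fi SSID"):
        findings.append(("Wi-Fi SSID",
                         "null value: device cannot access the Wi-Fi network"))

    if policy.get("Wi-Fi Password Hidden on Input", False) is not True:
        findings.append(("Wi-Fi Password Hidden on Input",
                         "False: the typed Wi-Fi password is displayed"))

    if policy.get("Wi-Fi Preshared Key") and policy.get("Wi-Fi Link Security") != "PSK":
        findings.append(("Wi-Fi Preshared Key",
                         "ignored: used only if Wi-Fi Link Security is PSK"))

    dhcp_off = policy.get("Wi-Fi DHCP Configuration") is False
    for rule in STATIC_IP_RULES:
        value = policy.get(rule)
        if value is None:
            continue
        if not is_ip_format(value):
            findings.append((rule, "not in IP address format: %r" % (value,)))
        if not dhcp_off:
            findings.append((rule,
                             "ignored: used only if Wi-Fi DHCP Configuration is False"))

    for n in range(1, 5):
        rule = "Wi-Fi WEP Key %d" % n
        value = policy.get(rule)
        if value is not None and wep_key_bits(value) is None:
            # The key itself is never echoed into the finding text.
            findings.append((rule, "must be 5 or 13 colon-separated hex pairs"))
    return findings


# Constructed sample policies (not exported from a real server).
SAMPLE_POLICY = {
    "Wi-Fi SSID": "",
    "Wi-Fi Link Security": "PEAP",
    "Wi-Fi Preshared Key": "constructed-psk-value",
    "Wi-Fi DHCP Configuration": True,
    "Wi-Fi Primary DNS": "10.0.0.1",
    "Wi-Fi Subnet Mask": "255.255.255",
    "Wi-Fi WEP Key 1": "AB:CD:EF:01:23",
    "Wi-Fi WEP Key 2": "AB:CD:EF:01",
}
CLEAN_POLICY = {
    "Wi-Fi SSID": "corp-example",
    "Wi-Fi Link Security": "PSK",
    "Wi-Fi Preshared Key": "constructed-psk-value",
    "Wi-Fi DHCP Configuration": False,
    "Wi-Fi Primary DNS": "10.0.0.1",
    "Wi-Fi Subnet Mask": "255.255.255.0",
    "Wi-Fi Password Hidden on Input": True,
    "Wi-Fi WEP Key 1": "AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23",
}

if __name__ == "__main__":
    for rule, finding in lint_wifi_policy(SAMPLE_POLICY):
        print("%s: %s" % (rule, finding))
```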

Wireless Software Upgrades policy group

Allow Non Enterprise Upgrade IT policy rule

Description

This rule specifies whether to permit Research In Motion or a wireless service provider to request that a BlackBerry® device download updates for the BlackBerry® Device Software over the wireless network.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry Device Software version 4.5
• BlackBerry® Enterprise Server version 4.1 SP4

Disallow Device User Requested Rollback IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device user from returning to a previous version of the BlackBerry® Device Software after a previously successful update of the BlackBerry Device Software over the wireless network.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry Device Software version 4.5
• BlackBerry® Enterprise Server version 4.1 SP4

Disallow Device User Requested Upgrade IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device user from requesting available updates for the BlackBerry® Device Software over the wireless network.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry Device Software version 4.5
• BlackBerry® Enterprise Server version 4.1 SP4

Disallow Patch Download Over International Roaming WAN IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device from downloading updates for the BlackBerry® Device Software over a WAN connection when roaming internationally.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry Device Software version 4.5
• BlackBerry® Enterprise Server version 4.1 SP4

Disallow Patch Download Over Roaming WAN IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device from downloading updates for the BlackBerry® Device Software over a WAN connection when roaming.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry Device Software version 4.5
• BlackBerry® Enterprise Server version 4.1 SP4

Disallow Patch Download Over WAN IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device from downloading updates for the BlackBerry® Device Software over a WAN connection.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry Device Software version 4.5

• BlackBerry® Enterprise Server version 4.1 SP4

Disallow Patch Download Over Wi-Fi IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device from downloading updates for the BlackBerry® Device Software over a Wi-Fi® connection.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry Device Software version 4.5
• BlackBerry® Enterprise Server version 4.1 SP4

WTLS Application policy group

WTLS Disable Invalid Connection IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device from permitting WTLS connections to servers that have invalid certificates.

Default value
The default value is Prompt user on BlackBerry device.

Usage
If you want to prevent a BlackBerry device user from connecting to WTLS servers that have invalid certificates, change this rule to Disable invalid connections.

If you want to permit a BlackBerry device user to connect to WTLS servers that have invalid certificates, change this rule to Allow invalid connections.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 3.6

WTLS Disable Untrusted Connection IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device from permitting WTLS connections to untrusted servers.

Default value
The default value is Prompt user on BlackBerry device.

Usage
If you want to prevent a BlackBerry® device user from creating WTLS connections to untrusted servers, change this rule to Disable untrusted connections.

If you want to permit a BlackBerry® device user to create WTLS connections to untrusted servers, change this rule to Allow untrusted connections.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry® Enterprise Server version 3.6

WTLS Disable Weak Ciphers IT policy rule

Description
This rule specifies whether to prevent a BlackBerry® device from using weak algorithms over WTLS connections.

Default value
The default value is Prompt user on BlackBerry device.

Usage
If you want to prevent a BlackBerry device user from using weak algorithms over WTLS connections, change this rule to Disable weak algorithms.

If you want to permit a BlackBerry device user to use weak algorithms over WTLS connections, change this rule to Allow weak algorithms.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6

• BlackBerry® Enterprise Server version 3.6

WTLS Minimum Strong DH Key Length IT policy rule

Description
This rule specifies the minimum DH key size (in bits) to use over WTLS connections. The permitted range is 512 through 4096 bits.

Default value
The default value on a BlackBerry® device is 1024 bits.

The default value on the BlackBerry® Enterprise Server is 512 bits.

Usage
If you configure the minimum key size on the BlackBerry Enterprise Server to be higher than the minimum key size on a BlackBerry device, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is lower than the minimum key size on the BlackBerry Enterprise Server.

For example, when a user browses to a secure web site that uses a 512-bit DH key in its certificate, the BlackBerry device prompts the user to trust the web site. If the user trusts the web site and selects the Don't Ask Again option, the minimum key size on the BlackBerry device is configured to 512 bits. If you configure the minimum key size on the BlackBerry Enterprise Server to 2048 bits, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is lower than 2048 bits.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry Enterprise Server version 3.6

WTLS Minimum Strong ECC Key Length IT policy rule

Description
This rule specifies the minimum ECC key size (in bits) to use over WTLS connections. The permitted range is 160 through 571 bits.

Default value
The default value on the BlackBerry® device is 163 bits.

The default value on the BlackBerry® Enterprise Server is 160 bits.

Usage

If you configure the minimum key size on the BlackBerry Enterprise Server to be higher than the minimum key size on a BlackBerry device, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is lower than the minimum key size on the BlackBerry Enterprise Server.

For example, when a user browses to a secure web site that uses a 160-bit ECC key in its certificate, the BlackBerry device prompts the user to trust the web site. If the user trusts the web site and selects the Don't Ask Again option, the minimum key size on the BlackBerry device is configured to 160 bits. If you configure the minimum key size on the BlackBerry Enterprise Server to 233 bits, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is lower than 233 bits.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry Enterprise Server version 3.6

WTLS Minimum Strong RSA Key Length IT policy rule

Description
This rule specifies the minimum RSA® key size (in bits) to use over WTLS connections. The permitted range is 512 through 4096 bits.

Default value
The default value on the BlackBerry® device is 1000 bits.

The default value on the BlackBerry® Enterprise Server is 512 bits.

Usage
If you configure the minimum key size on the BlackBerry Enterprise Server to be higher than the minimum key size on a BlackBerry device, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is lower than the minimum key size on the BlackBerry Enterprise Server.

For example, when a user browses to a secure web site that uses a 512-bit RSA key in its certificate, the BlackBerry device prompts the user to trust the web site. If the user trusts the web site and selects the Don't Ask Again option, the minimum key size on the BlackBerry device is configured to 512 bits. If you configure the minimum key size on the BlackBerry Enterprise Server to 2048 bits, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is lower than 2048 bits.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 3.6
• BlackBerry Enterprise Server version 3.6
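
The Usage text of the three WTLS minimum key length rules (DH, ECC, RSA) describes how the Don't Ask Again option lowers the minimum on the device and how a higher server value keeps the prompts in place. The following Python model of that behaviour is an added example, not BlackBerry code. It assumes the device prompts whenever the certificate key is smaller than the larger of the device and server minimums, and that Don't Ask Again can only lower the device minimum; the class and function names are hypothetical.

```python
# Permitted range and default values in bits, taken from the three
# WTLS Minimum Strong ... Key Length rules above.
WTLS_KEY_RULES = {
    "DH":  {"range": (512, 4096), "device_default": 1024, "bes_default": 512},
    "ECC": {"range": (160, 571),  "device_default": 163,  "bes_default": 160},
    "RSA": {"range": (512, 4096), "device_default": 1000, "bes_default": 512},
}


class WtlsKeyLengthModel:
    """Tracks the device and server minimum key sizes for one device."""

    def __init__(self, bes_minimums=None):
        self.device_min = {a: r["device_default"] for a, r in WTLS_KEY_RULES.items()}
        self.bes_min = {a: r["bes_default"] for a, r in WTLS_KEY_RULES.items()}
        for alg, bits in (bes_minimums or {}).items():
            low, high = WTLS_KEY_RULES[alg]["range"]
            if not low <= bits <= high:
                raise ValueError("%s minimum %d is outside the permitted range %d-%d"
                                 % (alg, bits, low, high))
            self.bes_min[alg] = bits

    def prompt_threshold(self, alg):
        # Assumption: the stricter of the two minimums decides whether to prompt.
        return max(self.device_min[alg], self.bes_min[alg])

    def visit(self, alg, key_bits, trust_dont_ask_again=False):
        """Return True if the device prompts the user for this certificate key."""
        prompted = key_bits < self.prompt_threshold(alg)
        if prompted and trust_dont_ask_again:
            # Per the Usage text, the device minimum is configured to the
            # key size of the web site that the user chose to trust.
            self.device_min[alg] = min(self.device_min[alg], key_bits)
        return prompted


def replay(bes_minimums, visits):
    """Replay (algorithm, key bits, trust with Don't Ask Again) visits in order."""
    model = WtlsKeyLengthModel(bes_minimums)
    return [model.visit(alg, bits, trust) for alg, bits, trust in visits]


# Constructed browsing sequence: the first site is trusted with Don't Ask Again.
RSA_VISITS = [("RSA", 512, True), ("RSA", 512, False),
              ("RSA", 768, False), ("RSA", 2048, False)]

if __name__ == "__main__":
    # Server default (512 bits): after one Don't Ask Again, 512-bit and
    # 768-bit RSA keys no longer cause a prompt.
    print("server default :", replay({}, RSA_VISITS))
    # Server minimum 2048 bits: every key below 2048 bits keeps prompting.
    print("server 2048-bit:", replay({"RSA": 2048}, RSA_VISITS))
```

With the server values left at their defaults, a single Don't Ask Again choice removes the prompt for every later site at or above that key size; setting the server minimum is what keeps the prompt in place.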

WTLS Restrict FIPS Ciphers IT policy rule

Description
This rule specifies whether the BlackBerry® device can use an algorithm with WTLS that is not FIPS-compliant.

Default value
The default value is False.

Usage
By default, if you configure the FIPS Level IT policy rule to 2, a BlackBerry device ignores this rule and uses only algorithms that are FIPS-compliant.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Connect™ version 4.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

3 Descriptions of application control policy rules

For information about configuring application control policy rules, see the BlackBerry Enterprise Server Administration Guide.

Are Internal Network Connections Allowed application control policy rule

Description
This rule specifies whether an application can make internal network connections. You can configure this rule to prevent the application from sending or receiving any data on a BlackBerry® device using an internal protocol (for example, the BlackBerry MDS Connection Service). You can also configure this rule so that an application prompts a user before it makes internal connections through the BlackBerry device firewall.

Default value
The default value is Prompt User.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Are External Network Connections Allowed application control policy rule

Description
This rule specifies whether an application can make external network connections. You can configure this rule to prevent the application from sending or receiving any data on a BlackBerry® device using an external protocol (such as WAP or TCP). You can also configure this rule so that an application prompts a user before it makes external connections through the BlackBerry device firewall.

Default value
The default value is Prompt User.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Local Connections application control policy rule

Description
This rule specifies whether an application can make local network connections (for example, connections to a BlackBerry® device using a USB or serial port).

Default value
The default value is Allowed.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Can Device Settings be Modified application control policy rule

Description
This rule specifies whether an application can change configuration and user settings on a BlackBerry® device.

Default value
The default value is Allowed.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 5.0

Can the Security Timer be Reset application control policy rule

Description
This rule specifies whether an application can reset the time that must pass before a BlackBerry® device locks automatically.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1

• BlackBerry® Enterprise Server version 5.0

Disposition application control policy rule

Description
This rule specifies whether an application is optional, required, or not permitted on the BlackBerry® device. You can use this rule to make a specific application mandatory on the BlackBerry device or to prevent unspecified or untrusted applications from being installed on the BlackBerry device.

Default value
The default value is Optional.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Browser Filters application control policy rule

Description
This rule specifies whether an application can access browser filter APIs to register a browser filter on a BlackBerry® device. You can use this rule to permit third-party applications to apply custom browser filters to web page content on a BlackBerry device.

Default value
The default value is Not Permitted.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Email application control policy rule

Description
This rule specifies whether an application can send and receive email messages using a BlackBerry® device.

Default value

The default value is Allowed.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Is Access to the Event Injection API Allowed application control policy rule

Description
This rule specifies whether an application can simulate input events on a BlackBerry® device, such as pressing keys or performing trackball actions.

Default value
The default value is Not Permitted.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Is Access to the File API Allowed application control policy rule

Description
This rule specifies whether an application can access, change, delete, and move files on a BlackBerry® device.

Default value
The default value is Allowed.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2
• BlackBerry® Enterprise Server version 5.0

Is Access to the GPS API Allowed application control policy rule

Description

This rule specifies whether an application can access the GPS APIs on a BlackBerry® device. You can configure this rule to prevent the application from accessing the GPS APIs on a BlackBerry device or to prompt the user before an application can access the GPS APIs.

Default value
The default value is Prompt User.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.1 SP2

Is Access to the Handheld Key Store Allowed application control policy rule

Description
This rule specifies whether an application can access the key store APIs on a BlackBerry® device.

Default value
The default value is Allowed.

Dependencies
If you configure the Minimal Signing Key Store Security Level and the Minimal Encryption Key Store Security Level IT policy rules to use the high security level, this rule does not apply. A BlackBerry device prompts the user for the key store password each time that an application tries to access the private key.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Is Access to the Interprocess Communication API Allowed application control policy rule

Description
This rule specifies whether an application can perform cross application communication operations. You can use this rule to permit two or more applications to share data or for one application to use the connection permissions of another application.

Default value

The default value is Allowed.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Is Access to the Phone API Allowed application control policy rule

Description
This rule specifies whether an application can make calls and access call logs on a BlackBerry® device. You can configure this rule to prevent the application from making calls on a BlackBerry device or to prompt a user before the user makes calls.

Default value
The default value is Prompt User.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Is Access to the Media API Allowed application control policy rule

Description
This rule specifies whether an application can run or create multimedia files on a BlackBerry® device.

Default value
The default value is Allowed.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.3
• BlackBerry® Enterprise Server version 5.0

Is Access to the Module Management API Allowed application control policy rule

Description

This rule specifies whether an application can add, modify or delete Java® .cod files on the BlackBerry® device.

Default value
The default value is Allowed.

Minimum requirements
• Java based BlackBerry device
• BlackBerry® Device Software version 4.3
• BlackBerry® Enterprise Server version 5.0

Is Access to the PIM API Allowed application control policy rule

Description
This rule specifies whether an application can access the BlackBerry® device PIM APIs, which control access to a user's personal information, such as contacts, on a BlackBerry device.

Note: Permitting an application to access PIM data APIs and use internal and external network connection protocols might permit an application to send all of a user’s personal information from a BlackBerry device.

Default value
The default value is Allowed.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0
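
The note above describes a risk that comes from a combination of rules rather than from any single one. The following Python audit is an added example, not part of the BlackBerry documentation or product; it finds that combination in a set of application control policies and extends the note from the PIM API to the File, GPS and Phone API rules, which is a generalization made here. The per-application dictionaries, the application names, the list form of List of External Domains and the use of Not Permitted as a blocking value for these rules are constructed for illustration; missing rules fall back to the default values listed in this guide.

```python
ALLOWED, PROMPT = "Allowed", "Prompt User"

INTERNAL = "Are Internal Network Connections Allowed"
EXTERNAL = "Are External Network Connections Allowed"
PIM = "Is Access to the PIM API Allowed"
FILE = "Is Access to the File API Allowed"
GPS = "Is Access to the GPS API Allowed"
PHONE = "Is Access to the Phone API Allowed"
DOMAINS = "List of External Domains"

# Default values as listed in this guide; None stands for a null value.
DEFAULTS = {
    INTERNAL: PROMPT, EXTERNAL: PROMPT,
    PIM: ALLOWED, FILE: ALLOWED, GPS: PROMPT, PHONE: PROMPT,
    DOMAINS: None,
}

DATA_RULES = (PIM, FILE, GPS, PHONE)   # rules that expose user data
CHANNEL_RULES = (INTERNAL, EXTERNAL)   # rules that let data leave the device


def effective(policy, rule):
    """Value in force for a rule: the configured value or the guide's default."""
    return policy.get(rule, DEFAULTS[rule])


def audit_app(policy):
    """Return one finding per data rule / channel rule pair that is not blocked."""
    findings = []
    for data_rule in DATA_RULES:
        data_value = effective(policy, data_rule)
        if data_value not in (ALLOWED, PROMPT):
            continue  # any other value is treated as blocking access
        for channel_rule in CHANNEL_RULES:
            channel_value = effective(policy, channel_rule)
            if channel_value not in (ALLOWED, PROMPT):
                continue
            # "high": neither side asks the user before data can be read and sent.
            silent = data_value == ALLOWED and channel_value == ALLOWED
            finding = {"data": data_rule, "channel": channel_rule,
                       "severity": "high" if silent else "review"}
            if channel_rule == EXTERNAL:
                # A domain list narrows where the data could be sent.
                finding["external_domains"] = effective(policy, DOMAINS)
            findings.append(finding)
    return findings


def audit_apps(apps):
    """Audit a mapping of application name to application control policy."""
    return {name: audit_app(policy) for name, policy in apps.items()}


def high_severity(findings):
    return [(f["data"], f["channel"]) for f in findings if f["severity"] == "high"]


# Constructed sample policies (application names are placeholders).
SAMPLE_APPS = {
    "sample-sync-app": {EXTERNAL: ALLOWED, DOMAINS: ["sync.example.com"]},
    "sample-viewer-app": {INTERNAL: "Not Permitted", EXTERNAL: "Not Permitted"},
    "sample-default-app": {},
}

if __name__ == "__main__":
    for app, findings in audit_apps(SAMPLE_APPS).items():
        print(app, "high:", high_severity(findings), "total:", len(findings))
```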

Is Access to the Screen, Microphone, and Video Capturing APIs Allowed application control policy rule

Description
This rule specifies whether an application can record media, such as audio and video, using the BlackBerry® Browser or other applications on a BlackBerry device.

Default value
The default value is False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1

• BlackBerry® Enterprise Server version 5.0

Is Access to the Serial Port Profile for Bluetooth API Allowed application control policy rule

Description
This rule specifies whether an application can access the Bluetooth® SPP API.

Default value
The default value is Allowed.

Dependencies
If you configure the Disable Serial Port Profile IT policy rule to True, this rule does not apply. A BlackBerry® device cannot use the Bluetooth SPP to establish a serial connection to a Bluetooth enabled device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

Is Access to the User Authenticator API Allowed application control policy rule

Description
This rule specifies whether an application can access the user authenticator framework API. The user authenticator framework permits the registration of drivers that provide two-factor authentication to unlock a BlackBerry® device.

This rule applies to the BlackBerry® Device Software and third-party Java® applications.

Default value
The default value is Allowed.

Usage
For BlackBerry devices that are running BlackBerry Device Software version 5.0 and later, this rule applies to drivers for smart card readers and to custom two-factor authentication methods that are created by developers in your organization.

For BlackBerry devices that are running BlackBerry Device Software versions that are earlier than version 5.0, this rule applies to drivers for smart cards only.

Minimum requirements

• Java based BlackBerry device
• BlackBerry Device Software version 4.0
• BlackBerry® Enterprise Server version 4.1 SP2

Is Access to the Wi-Fi API Allowed application control policy rule

Description
This rule specifies whether a BlackBerry® device can send and receive data over a Wi-Fi® connection and access information about the Wi-Fi network.

Default value
The default value is Allowed.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 5.0

Is Key Store Medium Security Allowed application control policy rule

Description
This rule specifies whether an application can access key store items that are stored at the medium security level. The application must prompt a BlackBerry® device user for the key store password when it tries to access the private key for the first time or when the private key password timeout expires.

Default value
The default value is Allowed.

Dependencies
If you configure the Minimal Signing Key Store Security Level and the Minimal Encryption Key Store Security Level IT policy rules to use the high security level, this rule does not apply. A BlackBerry device prompts the user for the key store password each time that an application tries to access the private key.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0


Is Theme Data Allowed application control policy rule

Description
This rule specifies whether a user can use custom theme applications that are developed using the Plazmic® Content Developer’s Kit as themes on a BlackBerry® device.

Default value
The default value is Allowed.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.1 SP2

List of Browser Filter Domains application control policy rule

Description
This rule specifies the list of domains for which an application can apply browser filters to web page content on a BlackBerry® device. For example, you can specify www.google.com and www.yahoo.com as domains for which an application can use a browser filter for search engines.

Default value
The default value is a null value.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

List of External Domains application control policy rule

Description
This rule specifies the external domain names that an application can establish a connection to.

Default value
The default value is a null value.

Minimum requirements
• Java® based BlackBerry® device


• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

List of Internal Domains application control policy rule

Description
This rule specifies the internal domain names that an application can establish a connection to.

Default value
The default value is a null value.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Application Suite version 1.0
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0


Configuration settings 4

Configuration settings for VoIP profiles

Allow VoIP configuration setting

Description
This setting specifies whether a user can make VoIP calls on a Wi-Fi® enabled BlackBerry® device.

Default value
The default value is True.

Usage
To turn off VoIP, change this setting to False.

This setting is made obsolete by the BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

SIP Authentication ID configuration setting

Description
This setting specifies the SIP authentication ID that a BlackBerry® device uses to authenticate to your organization's SIP server.

Default value
The default value is a null value.

Usage
Specify a value only if your organization’s SIP server requires it.

This setting is made obsolete by the BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1


SIP Domain configuration setting

Description
This setting specifies the SIP domain where the SIP User ID is valid.

Default value
The default value is a null value.

Usage
This setting is made obsolete by the BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

SIP Local Port configuration setting

Description
This setting specifies the network port number that a BlackBerry® device listens for incoming SIP messages on.

Default value
The default value is 5060.

Usage
This setting is made obsolete by the BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

SIP Realm configuration setting

Description
This setting specifies the name of the SIP domain or host that shares authentication information with your organization's SIP server.

Default value


The default value is None.

Usage
Configure this setting to specify a name for a SIP domain or host. The SIP realm value on a BlackBerry® device must be the same as the SIP realm value that you specify on the SIP server.

This setting is made obsolete by the BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

SIP Registration Timeout configuration setting

Description
This setting specifies the time, in minutes, that elapses before the SIP registration process expires.

Default value
The default value is 25 minutes.

Usage
This setting is made obsolete by the BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

SIP RTP Media Port configuration setting

Description
This setting specifies the network port number that a BlackBerry® device uses for outgoing RTP media streams.

Default value
The default value is 51100.

Usage
This setting is made obsolete by the BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0


• BlackBerry® Enterprise Server version 4.0 SP1

SIP Server Name configuration setting

Description
This setting specifies the name or IP address of your organization's SIP proxy server.

Default value
The default value is a null value.

Usage
This setting is made obsolete by the BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

SIP Server Port configuration setting

Description
This setting specifies the port number on your organization's SIP proxy server that the SIP proxy server uses to make network connections. The permitted range is 0 to 65536.

Default value
The default value is 5060.

Usage
Change this setting only if the port number on the SIP proxy server is not 5060.

This setting is made obsolete by the BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

SIP Server Transport configuration setting

Description


This setting specifies the transport protocol that your organization's SIP server uses.

Default value
The default value is UDP.

Usage
Change this setting only if the transport protocol is not UDP.

This setting is made obsolete by the BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

SIP Server Type configuration setting

Description
This setting specifies the type of SIP proxy server that a BlackBerry® device can connect to.

Default value
The default value is Generic SIP.

Usage
Change this setting only if the SIP proxy server is not generic.

This setting is made obsolete by the BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

SIP User Display Name configuration setting

Description
This setting specifies the user name that your organization's SIP server displays when it sends a user’s SIP address to a BlackBerry® device.

Default value
The default value is a null value.

Usage


Configure this setting if you want to create a default value for all users.

This setting is made obsolete by the BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

SIP User ID configuration setting

Description
This setting specifies the SIP user ID that a BlackBerry® device uses to register with your organization's SIP proxy server.

Default value
The default value is a null value.

Usage
Configure this setting if you want to create a default value for all users.

If the user types a SIP user ID on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user typed. To retain the value that the user types on the BlackBerry device, verify that the updated IT policy uses the same value as this setting.

This setting is made obsolete by the BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

SIP User Password configuration setting

Description
This setting specifies the SIP user password that a BlackBerry® device uses to authenticate to your organization's SIP proxy server.

Default value
The default value is a null value.

Usage
Configure this setting if you want to create a default value for all users.

If the user types a password on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user typed. To retain the value that the user types on the BlackBerry device, verify that the updated IT policy uses the same value as this setting.


This setting is made obsolete by the BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

VoIP Allow BlackBerry Device Changes configuration setting

Description
This setting specifies whether a user can change SIP and VoIP settings on a BlackBerry® device for remote troubleshooting purposes.

Default value
The default value is True.

Usage
This setting is made obsolete by the BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

VoIP Emergency Number configuration setting

Description
This setting specifies the emergency number that a BlackBerry® device can use on your organization’s network.

Default value
The default value is 911.

Usage
Two versions of this setting are available. Refer to the descriptions in the BlackBerry Administration Service to determine which version of this setting is appropriate for the BlackBerry devices in your organization. One version of the setting is valid for BlackBerry® Device Software versions 4.0.0 to 4.0.1.90 only and you must configure it as an integer. The other version of the setting is valid for BlackBerry Device Software versions 4.0.1 and later and you must configure it as a string.

This setting is made obsolete by the BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry Device Software version 4.0.0


• BlackBerry® Enterprise Server version 4.0 SP1

VoIP Enable Attended Call Transfer configuration setting

Description
This setting specifies whether a user can perform an attended transfer of a VoIP call (where the original call does not end until the user dials the transfer number and clicks Complete Transfer) on a BlackBerry® device.

Default value
The default value is True.

Usage
To use this feature, verify that your organization’s PBX permits phones to transfer VoIP calls.

This setting is made obsolete by the BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

VoIP Enable Call Hold configuration setting

Description
This setting specifies whether a user can place a VoIP call on hold on a BlackBerry® device.

Default value
The default value is True.

Usage
This setting is made obsolete by the BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

VoIP Enable Unattended Call Transfer configuration setting

Description


This setting specifies whether a user can perform an unattended transfer to a VoIP call (where the original call ends automatically when the user dials the transfer number) on a BlackBerry® device.

Default value
The default value is True.

Usage
To use this feature, verify that your organization’s PBX permits phones to transfer VoIP calls.

This setting is made obsolete by the BlackBerry® Mobile Voice System.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

Configuration settings for VPN profiles

Enable VPN configuration setting

Description
This setting specifies whether the VPN client on a BlackBerry® device is turned on.

Default value
The default value is False. The BlackBerry device might not be able to use a Wi-Fi® network that requires VPN access, or it might require the use of an alternative form of access control.

Usage
Change this setting to True to require that a BlackBerry device use a VPN server to access a Wi-Fi network.

This configuration setting is obsolete in BlackBerry® Enterprise Server versions 4.1 SP3 and later.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.0
• BlackBerry Enterprise Server version 4.1 SP2

Suppress VPN Banner configuration setting

Description


This setting specifies whether the VPN dialog box displays on a BlackBerry® device.

Default value
The default value is True. The VPN dialog box does not display on the BlackBerry device.

Usage
To display the VPN dialog box after the BlackBerry device connects to the VPN server, change this setting to False.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

Use VPN Xauth configuration setting

Description
This setting specifies whether the VPN client on a BlackBerry® device should use Xauth certificates to authenticate to your organization's VPN gateway.

Default value
The default value is False.

Usage
You must change the Enable VPN configuration setting to True so that a BlackBerry device can use this configuration setting.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

VPN Allow Handheld Changes configuration setting

Description
This setting specifies whether a user can change all VPN policy rules on a BlackBerry® device.

Default value
The default value is True.

Usage
If you change this setting to False, a user can continue to change the VPN user name and VPN password on a BlackBerry device.

Minimum requirements


• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

VPN Allow Password Save configuration setting

Description
This setting specifies whether a user can save the VPN password on a BlackBerry® device.

Default value
The default value is True.

Usage
If you change this setting to False (password not saved), the user must type a VPN password each time the BlackBerry device connects to the VPN concentrator.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

VPN Disable Server Certificate Validation configuration setting

Description
This setting specifies whether a BlackBerry® device requires a certificate to authenticate with VPN gateways that support PKI-based authentication using certificates.

Default value
The default value is False.

Usage
Change this setting to True to turn off server certificate validation during PKI-based authentication.

Dependencies
This setting applies to the following VPN gateways that support PKI-based authentication using certificates: the Cisco® Secure PIX Firewall, the Cisco IOS with Easy VPN Server, the NetScreen® Series Security Systems, and the Nortel Networks® Contivity VPN switch.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0


VPN DNS Configuration configuration setting

Description
This setting specifies your organization's VPN DNS configuration.

Default setting
The default value is True. A BlackBerry® device retrieves DNS settings from the VPN gateway.

Usage
To require that the BlackBerry device use the static settings that are specified in the VPN Primary DNS configuration setting, VPN Secondary DNS configuration setting, and VPN Domain Name configuration setting, change this setting to False.

Dependencies
You must change the Enable VPN configuration setting to True so that a BlackBerry device can use this configuration setting.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

VPN Domain Name configuration setting

Description
This setting specifies the suffix for your organization's domain name using the FQDN format.

Default value
The default value is a null value.

Usage
You must change the Enable VPN configuration setting to True and the VPN DNS Configuration configuration setting to False so that a BlackBerry® device can use this configuration setting.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

VPN Gateway Address configuration setting

Description


This setting specifies the IP address or FQDN of your organization's VPN server.

Default value
The default value is a null value.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

VPN Group Name configuration setting

Description
This setting specifies the group name of your organization's VPN server.

Default value
The default value is a null value.

Usage
Specify the group name of your organization's VPN server only if the type of VPN client requires it.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

VPN Group Password configuration setting

Description
This setting specifies the group password of your organization's VPN server.

Default value
The default value is a null value.

Usage
Specify the group name of your organization's VPN server only if the type of VPN client requires it.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2


VPN Hard Token Required configuration setting

Description
This setting specifies whether the VPN server requires that a BlackBerry® device use a hard token as part of the password for authentication.

Default value
The default value is False.

Usage
Change this setting to True if the VPN server requires a hard token (for example, RSA SecurID®) as part of the password for authentication.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

VPN IKE Cipher configuration setting

Description
This setting specifies the encryption algorithm that a BlackBerry® device uses to authenticate IKE exchanges.

Default value
The default value is AES-128.

Usage
Change this setting only if the encryption algorithm does not support AES-128.

Minimum requirements
• Java® based BlackBerry device that is running BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

VPN IKE DH Group configuration setting

Description
This setting specifies the DH group that a BlackBerry® device uses to generate key material.

Default value


The default value is Group 7 (elliptic curve cryptography).

Usage
Change this setting only if the DH group does not use ECC.

Dependencies
You must change the Enable VPN configuration setting to True so that a BlackBerry device can use this setting.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

VPN IKE Hash configuration setting

Description
This setting specifies the hash method authentication code that a BlackBerry® device can use.

Default value
The default value is SHA-1 (160 bits).

Usage
Change this setting only if the hash method authentication code does not support SHA-1 (160 bits).

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

VPN IP Address configuration setting

Description
This setting specifies the IP address of the VPN.

Default value
The default value is 0.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3


VPN IPSec Cipher and Hash configuration setting

Description
This setting specifies the encryption algorithm and hash that a BlackBerry® device uses for IPSec Security Associations.

Default value
The default value is AES-128 Cipher and SHA-1 Hash.

Usage
Change this setting only if the IPSec Cipher and Hash are not AES-128 and SHA-1.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

VPN Minimal Certificate Encryption Key Security Level configuration setting

Description
This setting specifies the minimum security level for private keys that a BlackBerry® device uses for authentication methods that require client certificates.

Default value
The default value is Low security. A BlackBerry device prompts the user only once for the key store password. The BlackBerry device retrieves and stores, in unencrypted format, the private key with the VPN profile.

Usage
If you change this setting to High security, a BlackBerry device always prompts the user for the key store password when the BlackBerry device requires access to the private key. This might happen frequently, even if the user typed the password recently. Private keys are not stored with the VPN profile.

If you change this setting to Medium security, the BlackBerry device prompts the user for the key store password the first time only and, from that point forward, only prompts the user after the user resets the BlackBerry device. Private keys are cached in memory but are not stored with the VPN profile.

This rule is obsolete in BlackBerry® Enterprise Server version 4.1 SP4.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry Enterprise Server version 4.1 SP3


VPN NAT Keep Alive configuration setting

Description
This setting specifies the NAT keep-alive frequency. The permitted range is 1 to 1439 minutes.

Default value
The default value is 1 minute.

Usage
Specify the interval, in minutes, that a BlackBerry® device sends a keep-alive packet to the VPN concentrator to maintain the connection to the VPN concentrator.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

VPN PFS configuration setting

Description
This setting specifies whether PFS is turned on for a BlackBerry® device.

Default value
The default value is True.

Usage
Change this setting only if your organization does not support PFS.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

VPN Primary DNS configuration setting

Description
This setting specifies the static setting for the IP address of your organization's primary DNS server.

Default value


The default value is a null value.

Dependencies
You must change the Enable VPN configuration setting to True and the VPN DNS Configuration setting to False so that a BlackBerry® device can use this configuration setting.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

VPN Profile Visibility configuration setting

Description
This setting specifies whether a user can view the configuration settings of the VPN profile on a BlackBerry® device.

Default value
The default value is Full Visibility. A user can view all the configuration settings of the VPN profile.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

VPN Profile Editability configuration setting

Description
This setting specifies whether the user can change the configuration settings of the VPN profile on a BlackBerry® device.

Default value
The default value is Full editability.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

VPN Secondary DNS configuration setting

Description


This setting specifies the static setting for the IP address of your organization's secondary DNS server.

Default value
The default value is a null value.

Dependencies
You must change the Enable VPN configuration setting to True and the VPN DNS Configuration setting to False so that a BlackBerry® device can use this setting.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

VPN Subnet Mask configuration setting

Description
This setting specifies the IP address of the subnet mask of the VPN.

Default setting
The default value is 0.

Dependencies
If you change this setting, you must also change the VPN DNS configuration setting to False and the Enable VPN configuration setting to True.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

VPN Token Serial Number configuration setting

Description
If the VPN server requires that a BlackBerry® device use a software token as part of the password for authentication, this setting specifies the serial number of the software token that is provisioned to the BlackBerry device.

Default value
The default value is a null value.

Minimum requirements
• Java® based BlackBerry device


• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

VPN User Name configuration setting

Description
This setting specifies the default user name that a BlackBerry® device uses to log in to your organization's VPN server.

Default value
The default value is a null value.

Usage
Configure this setting if you want to create a default user name for all user accounts.

If a user types a user name on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user typed. To retain the value that the user types on the BlackBerry device, verify that the updated configuration setting uses the same value as this setting.

Dependencies
You must change the Enable VPN configuration setting to True so that a BlackBerry device can use this setting.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

VPN User Password configuration setting

Description
This setting specifies the default password that a BlackBerry® device uses to log in to your organization's VPN server.

Default value
The default value is a null value.

Usage
Configure this setting if you want to create a default password for all user accounts.

If a user types a password on the BlackBerry device manually, IT policy updates overwrite or delete the value that the user typed. To retain the value that the user types on the BlackBerry device, verify that the updated configuration setting uses the same value as this configuration setting.

Dependencies


You must change the Enable VPN configuration setting to True so that a BlackBerry device can use this configuration setting.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

VPN Vendor Type configuration setting

Description
This setting specifies the type of VPN client that the VPN client on a BlackBerry® device emulates.

Default value
The default value is a null value.

Dependencies
You must change the Enable VPN configuration setting to True so that a BlackBerry device can use this configuration setting.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

VPN Xauth Type configuration setting

Description
This setting specifies the type of user-level authentication that your organization's VPN server uses.

Default value
The default value is User name and password required.

Dependencies
You must change the Enable VPN configuration setting to True so that a BlackBerry® device can use this configuration setting.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

Configuration settings for Wi-Fi profiles

Associated Certificate Authority Configuration configuration setting

Description
This setting specifies the name of the certificate authority profile that is configured in the Certificate Authority Profile Name IT policy rule. The certificate authority profile consists of credentials that a BlackBerry® device can use to initiate a certificate enrollment process.

Default value
The default value is a null value.

Usage
After you associate a certificate authority profile with a Wi-Fi® profile, you can assign the Wi-Fi profile to a user account and send the profile to a BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0

Associated VoIP Configuration configuration setting

Description
This setting is a hidden property that a BlackBerry® device uses. The setting contains the name of the VoIP profile that is associated with the Wi-Fi® profile.

Default value
The default value is a null value.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP2

Associated VPN Configuration configuration setting

Description
This setting is a hidden property that contains the name of the VPN profile that you want to associate with the Wi-Fi® profile.

Default value
The default value is a null value.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

Wi-Fi Allow AP to AP Handover configuration setting

Description
This setting specifies whether a BlackBerry® device can perform Wi-Fi® handovers between wireless access points.

Default value
The default value is True.

Usage
The default value permits handovers between access points in your organization's Wi-Fi network.

Change this setting to False to prevent handovers between access points.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

Wi-Fi Allow Handheld Changes configuration setting

Description
This setting specifies whether a user can change all Wi-Fi® policy settings on a BlackBerry® device.

Default value
The default value is True.

Usage
Change this setting to False to permit a user to change only the user-specific Wi-Fi policy settings on a BlackBerry device. User-specific Wi-Fi policy settings are Wi-Fi User Name setting and Wi-Fi User Password setting.

This configuration setting is obsolete in BlackBerry® Enterprise Server version 4.1 SP3.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi Allow Password Save configuration setting

Description
This setting specifies whether a user can save passwords for authentication to a Wi-Fi® network on a BlackBerry® device.

Default value
The default value is True.

Usage
The default value permits a user to save passwords on a BlackBerry device for authentication to the Wi-Fi network.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

Wi-Fi Band Type configuration setting

Description
This setting specifies one or more band types that you configure the wireless access points of a specific SSID to operate on.

Default value
The default value is 802.11 a/b/g.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.2.2
• BlackBerry® Enterprise Server version 4.1 SP4

Wi-Fi BlackBerry Infrastructure Wi-Fi Access Mode configuration setting

Description
This setting specifies whether a Wi-Fi® enabled BlackBerry® device can connect to the BlackBerry® Infrastructure over a Wi-Fi network to access the BlackBerry® Enterprise Server or the BlackBerry® Internet Service.

Default value
The default value is Access does not require VPN. A BlackBerry device can bypass active VPN connections when it connects to the BlackBerry Infrastructure over a Wi-Fi network.

Usage
You can configure one of the following options so that a BlackBerry device can connect to the BlackBerry Infrastructure over a Wi-Fi network:
• If you want a BlackBerry device to always use a VPN connection when it connects to the BlackBerry Infrastructure over a Wi-Fi network, you can choose the Access requires VPN option. You can choose this option if you want to enforce the additional security that a VPN connection provides.
• If you do not want a BlackBerry device to connect to the BlackBerry Infrastructure over a Wi-Fi network, you can choose the Access disabled option.

Dependencies
When you change this setting, you override the BlackBerry Infrastructure Wi-Fi Access Mode IT policy rule. You can use this setting to configure the access mode for a specific Wi-Fi network, and the IT policy rule to configure the access mode for other Wi-Fi networks.

If you turn off access to the BlackBerry Infrastructure over a Wi-Fi network using the IT policy rule, you cannot override the IT policy rule using this setting.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry Enterprise Server version 5.0

Wi-Fi Default Gateway configuration setting

Description
This setting specifies the default gateway in IP address format (for example, 10.0.0.1) that a BlackBerry® device can use if DHCP on the BlackBerry device is turned off.

Default value
The default value is a null value.

Usage
A BlackBerry device uses this setting only if you change the Wi-Fi® DHCP Configuration configuration setting to False.

Dependencies
If you change the Wi-Fi DHCP Configuration configuration setting to True, do not change this setting to True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

Wi-Fi Default KEY ID configuration setting

Description
This setting specifies the default WEP key ID.

Default value
The default value is 1.

Usage
Verify that the WEP key ID matches the WEP access point ID and the corresponding WEP key.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi DHCP Configuration configuration setting

Description
This setting specifies whether your organization uses DHCP for dynamic network configuration.

Default value
The default value is True. DHCP is turned on.

Usage
If your organization uses a Wi-Fi® network that includes subnets, turn on DHCP to permit roaming between subnets.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

Wi-Fi Disable Server Certificate Validation configuration setting

Description
This setting specifies whether a BlackBerry® device requires a certificate authority certificate for server authentication when it uses a PEAP, EAP-TLS, or EAP-TTLS authentication method to connect to a Wi-Fi® network.

Default value
The default value is False.

Usage
If you change this setting to True, a root certificate is not required for the EAP, EAP-TLS, or EAP-TTLS authentication method.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0

Wi-Fi Domain Suffix configuration setting

Description
This setting specifies the suffix for the internal domain name in FQDN format.

Default value
The default value is a null value.

Dependencies
Configure this setting only if you change the Wi-Fi® DHCP Configuration configuration setting to False to make DHCP unavailable.

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

Wi-Fi EAP-FAST Provisioning method configuration setting

Description
This setting specifies the type of provisioning method that a BlackBerry® device can use when it authenticates to a Wi-Fi® network using EAP-FAST authentication with PAC.

Default value
The default value is Anonymous. The server provisions the BlackBerry device with a PAC when the BlackBerry device connects for the first time. The server uses the user name and password to authenticate the user account. When you choose this option, server authentication does not occur.

Usage
You can configure one of the following options to change the type of provisioning methods that a BlackBerry device can use:
• If you want the server to authenticate a BlackBerry device using the user name and password of the user account and a root certificate when the BlackBerry device connects for the first time, you can select the Authenticated option. The BlackBerry device does not connect to the server if the server does not present a root certificate to the BlackBerry device.
• If you want the server to authenticate a BlackBerry device using the user name and password of the user account, and you want the settings on the server to determine if server authentication must occur, you can select the Both option. If the server presents a root certificate, the BlackBerry device verifies the server using the selected root certificate. If the server does not present a root certificate, the BlackBerry device does not perform server authentication.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 5.0
• BlackBerry® Enterprise Server version 5.0

Wi-Fi Enable Authentication Page configuration setting

Description
This setting specifies whether the Wi-Fi® Login browser is available on a BlackBerry® device.

Default value
The default value is False.

Usage
Change this setting to True to permit a user to log in to a captive portal using a BlackBerry device.

This setting is obsolete in BlackBerry® Enterprise Server versions 4.1 SP4 and later.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry Enterprise Server version 4.0 SP1

Wi-Fi Hard Token Required configuration setting

Description
This setting specifies whether a BlackBerry® device requires a hard token for authentication.

Default value
The default value is False.

Usage
Change this setting to True if a BlackBerry device requires a hard token (for example, RSA SecurID®) as part of the password for authentication.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

Wi-Fi Inner Authentication Mode configuration setting

Description
This setting specifies the authentication mode that a BlackBerry® device uses for tunnelled EAP security.

Default value
The default value is None.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

Wi-Fi IP Address configuration setting

Description
This setting specifies the IP address (for example, 10.0.0.1) that a BlackBerry® device can use if DHCP on the BlackBerry device is turned off.

Default value
The default value is a null value.

Usage
A BlackBerry device uses this setting only if you change the Wi-Fi® DHCP Configuration configuration setting to False.

Dependencies
If you change the Wi-Fi DHCP Configuration configuration setting to True, do not change this setting to True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

Wi-Fi Link Security configuration setting

Description
This setting specifies the type of authentication method (for example, Open, EAP-FAST, LEAP, PEAP, EAP-TLS, EAP-TTLS, PSK, or WEP) that a BlackBerry® device requires to access a Wi-Fi® network.

Default value
The default value is Open.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi Minimal EAP-TLS Certificate Encryption Key Security Level configuration setting

Description
This setting specifies the minimum security level for a private key that an EAP authentication method (for example, EAP-TLS) uses with a client certificate.

Default value
The default value is Low security. A BlackBerry® device prompts a user only once for the key store password so that the BlackBerry device can retrieve the private key and encrypt messages. The BlackBerry device stores the unencrypted private key with the Wi-Fi® profile.

Usage
If you configure this setting to Medium security, a BlackBerry device prompts a user only once for the key store password so that the BlackBerry device can retrieve the private key and encrypt messages. After the BlackBerry device retrieves the private key, the BlackBerry device retrieves the private key again only after the user resets the BlackBerry device. The BlackBerry device caches the private key in memory but does not store it with the Wi-Fi profile.

If you configure this setting to High security, a BlackBerry device always prompts a user for the key store password when it accesses the private key and encrypts messages. The BlackBerry device does not store the unencrypted private key with the Wi-Fi profile.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi Preshared Key configuration setting

Description
This setting specifies the PSK if you use PSK in your organization to authenticate to Wi-Fi® networks.

Default value
The default value is a null value.

Dependencies
A BlackBerry® device uses this setting only if you configure the Wi-Fi Link Security configuration setting to PSK.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi Primary DNS configuration setting

Description
This setting specifies the primary DNS in IP address format (for example, 10.0.0.1) that a BlackBerry® device can use if DHCP on the BlackBerry device is turned off.

Default value
The default value is a null value.

Usage
A BlackBerry device uses this setting only if you change the Wi-Fi® DHCP Configuration configuration setting to False.

Dependencies
If you configure the Wi-Fi DHCP Configuration configuration setting to True, do not change this setting to True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

Wi-Fi Profile Editability configuration setting

Description
This setting specifies whether a user can change the settings in the Wi-Fi® profile on a BlackBerry® device.

Default value
The default value is Full editability. The user can change all settings in the Wi-Fi profile.

Usage
When you change this setting to No editability, the user cannot change any settings in the Wi-Fi profile.

When you change this setting to Credentials editability, the user can change only the user credentials in the Wi-Fi profile.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

Wi-Fi Profile Visibility configuration setting

Description
This setting specifies whether a user can view the settings in the Wi-Fi® profile.

Default value
The default value is Full visibility. The BlackBerry® device displays all the settings in the Wi-Fi profile.

Usage
When you configure this setting to Restricted visibility, the BlackBerry device displays only the profile name.

When you configure this setting to Credentials visibility, the BlackBerry device displays only the profile name and login information of the user.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

Wi-Fi Protected Access Credential Key configuration setting

Description
This setting specifies the PAC key that a BlackBerry® device can use for EAP-FAST authentication.

Default value
The default value is a null value.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

Wi-Fi Roaming Threshold configuration setting

Description
This setting determines how often the Wi-Fi® transceiver scans for nearby wireless access points and roams to one of them if the signal quality is better than the signal of the current access point.

Default value
The default value is Auto. A BlackBerry® device selects roaming thresholds automatically.

Usage
When you configure this setting to Low, a BlackBerry device roams only when signal quality is very low.

When you configure this setting to Medium, a BlackBerry device roams when the signal quality is medium to low.

When you configure this setting to High, a BlackBerry device roams aggressively to access points with better signal strength.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

Wi-Fi Secondary DNS configuration setting

Description
This setting specifies the secondary DNS in IP address format (for example, 10.0.0.1) that a BlackBerry® device can use if DHCP on the BlackBerry device is turned off.

Default value
The default value is a null value.

Usage
A BlackBerry device uses this setting only if you change the Wi-Fi® DHCP Configuration configuration setting to False.

Dependencies
If you change the Wi-Fi DHCP Configuration configuration setting to True, do not change this setting to True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

Wi-Fi Server SAN configuration setting

Description
This setting specifies a SAN field for the server certificate.

Default value
The default value is a null value.

Usage
If you do not specify a SAN field for the server certificate, the BlackBerry® device accepts any valid server certificate.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

Wi-Fi Server Subject configuration setting

Description
This setting specifies the Subject field for the server certificate.

Default value
The default value is a null value.

Usage
If you do not specify the Subject field for a server certificate, the BlackBerry® device accepts any valid server certificate.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3
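The Wi-Fi Disable Server Certificate Validation, Wi-Fi EAP-FAST Provisioning method, Wi-Fi Server SAN, Wi-Fi Server Subject and Wi-Fi Minimal EAP-TLS Certificate Encryption Key Security Level settings interact, so a profile review has to apply the documented defaults before it judges the result. The check below is an added example, not part of this guide or of any BlackBerry product; the dict layout, the function names and the sample profiles are assumptions, and only the setting names, values and defaults are taken from this guide.

```python
"""Added example: review the authentication settings of a Wi-Fi profile.

Assumption: a profile is a plain dict keyed by the setting names used in
this guide (this is not a BlackBerry export format). Settings that are
missing or None take the default values stated in the guide.
"""

LINK = "Wi-Fi Link Security"
NO_VALIDATION = "Wi-Fi Disable Server Certificate Validation"
FAST_MODE = "Wi-Fi EAP-FAST Provisioning method"
SAN = "Wi-Fi Server SAN"
SUBJECT = "Wi-Fi Server Subject"
KEY_LEVEL = "Wi-Fi Minimal EAP-TLS Certificate Encryption Key Security Level"

# Defaults as documented; None stands for "a null value".
DOCUMENTED_DEFAULTS = {
    LINK: "Open",
    NO_VALIDATION: False,
    FAST_MODE: "Anonymous",
    SAN: None,
    SUBJECT: None,
    KEY_LEVEL: "Low security",
}

# Methods the guide names for Wi-Fi Disable Server Certificate Validation.
CERT_METHODS = {"PEAP", "EAP-TLS", "EAP-TTLS"}


def effective_profile(profile):
    """Overlay the configured values on the documented defaults."""
    merged = dict(DOCUMENTED_DEFAULTS)
    merged.update({k: v for k, v in profile.items() if v is not None})
    return merged


def audit_wifi_profile(profile):
    """Return (setting, finding) pairs for values that weaken authentication."""
    p = effective_profile(profile)
    method = p[LINK]
    findings = []

    if method == "Open":
        findings.append((LINK, "Open: no authentication method is required"))

    if method in CERT_METHODS:
        if p[NO_VALIDATION]:
            findings.append((NO_VALIDATION, "True: no CA certificate is "
                             "required for server authentication"))
        elif not p[SAN] and not p[SUBJECT]:
            # Assumption: either name field alone is enough to pin the server.
            findings.append((f"{SAN} / {SUBJECT}", "neither is set: the device "
                             "accepts any valid server certificate"))

    if method == "EAP-FAST":
        if p[FAST_MODE] == "Anonymous":
            findings.append((FAST_MODE, "Anonymous: server authentication does "
                             "not occur during PAC provisioning"))
        elif p[FAST_MODE] == "Both":
            findings.append((FAST_MODE, "Both: server authentication is skipped "
                             "if the server presents no root certificate"))

    # The guide gives EAP-TLS as its example of a method with a client certificate.
    if method == "EAP-TLS" and p[KEY_LEVEL] == "Low security":
        findings.append((KEY_LEVEL, "Low security: the unencrypted private key "
                         "is stored with the Wi-Fi profile"))
    return findings


# Constructed sample profiles; the host names are placeholders.
SAMPLE_PROFILES = {
    "peap-no-name-check": {LINK: "PEAP"},
    "peap-validation-off": {LINK: "PEAP", NO_VALIDATION: True,
                            SAN: "radius.example.test"},
    "fast-default": {LINK: "EAP-FAST"},
    "tls-hardened": {LINK: "EAP-TLS", SUBJECT: "CN=radius.example.test",
                     KEY_LEVEL: "High security"},
}

if __name__ == "__main__":
    for name, profile in SAMPLE_PROFILES.items():
        print(name)
        for setting, finding in audit_wifi_profile(profile) or [("-", "no findings")]:
            print(f"  {setting}: {finding}")
```
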

Wi-Fi SSID configuration setting

Description
This setting specifies the network name of a Wi-Fi® network and its wireless access points. The SSID is case-sensitive.

Default value
The default value is a null value.

Usage
You must configure this setting before a BlackBerry® device can access the Wi-Fi network.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi Subnet configuration setting

Description
This setting specifies the subnet mask in IP address format (for example, 10.0.0.1) that a BlackBerry® device can use if DHCP on the BlackBerry device is turned off.

Default value
The default value is a null value.

Usage
A BlackBerry device uses this setting only if you change the Wi-Fi® DHCP Configuration configuration setting to False.

Dependencies
If you change the Wi-Fi DHCP Configuration configuration setting to True, do not change this setting to True.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

Wi-Fi Token Serial Number configuration setting

Description
If a BlackBerry® device requires that a software token is part of the password for authentication, this setting specifies the serial number of the software token that is provided to the BlackBerry device.

Default value
The default value is a null value.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.1
• BlackBerry® Enterprise Server version 4.1 SP3

Wi-Fi User Name configuration setting

Description
This setting specifies the user name for PEAP or LEAP authentication on a BlackBerry® device.

Default value
The default value is a null value.

Usage
Configure this setting if you want to create a default value for all users.

If a user types a user name on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user types. To retain the user-specified value on the BlackBerry device, verify that the updated Wi-Fi® profile uses the same value as the Wi-Fi profile on the BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi User Password configuration setting

Description
This setting specifies the password for PEAP or LEAP authentication on a BlackBerry® device.

Default value
The default value is a null value.

Usage
Configure this setting if you want to create a default value for all users.

If a user types a password on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user types. To retain the user-specified value on the BlackBerry device, verify that the updated Wi-Fi® profile uses the same value as the Wi-Fi profile on the BlackBerry device.

Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.2.0
• BlackBerry® Enterprise Server version 4.1 SP2

Wi-Fi WEP Key 1 configuration setting

Description
This setting specifies the password for WEP key 1 using the format xx:xx:xx:xx:xx.

Default value
The default value is a null value.

Usage
Valid values are either 5 or 13 pairs of hexadecimal digits (0 to 9 and A to F) that you separate with a colon (for example, AB:CD:EF:01:23 or AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23).

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi WEP Key 2 configuration setting

Description
This setting specifies the password for WEP key 2 using the format xx:xx:xx:xx:xx.

Default value
The default value is a null value.

Usage
Valid values are either 5 or 13 pairs of hexadecimal digits (0 to 9 and A to F) that you separate with a colon (for example, AB:CD:EF:01:23 or AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23).

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi WEP Key 3 configuration setting

Description
This setting specifies the password for WEP key 3 using the format xx:xx:xx:xx:xx.

Default value
The default value is a null value.

Usage
Valid values are either 5 or 13 pairs of hexadecimal digits (0 to 9 and A to F) that you separate with a colon (for example, AB:CD:EF:01:23 or AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23).

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1

Wi-Fi WEP Key 4 configuration setting

Description
This setting specifies the password for WEP key 4 using the format xx:xx:xx:xx:xx.

Default value
The default value is null.

Usage
Valid values are either 5 or 13 pairs of hexadecimal digits (0 to 9 and A to F) that you separate with a colon (for example, AB:CD:EF:01:23 or AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23).

Minimum requirements
• Java® based BlackBerry® device
• BlackBerry® Device Software version 4.0.0
• BlackBerry® Enterprise Server version 4.0 SP1
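The format rule for Wi-Fi WEP Key 1 to 4 and the Wi-Fi Default KEY ID usage note ("verify that the WEP key ID matches ... the corresponding WEP key") can be checked before a profile is sent to devices. The validator below is an added example, not part of this guide or of any BlackBerry product; the dict layout, the function names, the strict rejection of lowercase digits and the rule that the key ID is only checked when Wi-Fi Link Security is WEP are assumptions.

```python
"""Added example: validate Wi-Fi WEP Key 1-4 values and the default key ID.

Assumption: a profile is a plain dict keyed by the setting names used in
this guide (this is not a BlackBerry export format).
"""
import re

# The guide's format: 5 or 13 colon-separated pairs of hexadecimal digits.
# Assumption: lowercase a-f is rejected because the guide lists only A to F.
WEP_KEY_RE = re.compile(
    r"[0-9A-F]{2}(?::[0-9A-F]{2}){4}(?:(?::[0-9A-F]{2}){8})?"
)


def parse_wep_key(value):
    """Return the key as bytes, or raise ValueError for any other format."""
    # fullmatch (not match or '$') so a trailing newline or extra pair fails.
    if not isinstance(value, str) or not WEP_KEY_RE.fullmatch(value):
        raise ValueError(
            "expected 5 or 13 colon-separated pairs of hex digits (0-9, A-F)"
        )
    return bytes.fromhex(value.replace(":", ""))


def is_valid_wep_key(value):
    """True if the value has the documented WEP key format."""
    try:
        parse_wep_key(value)
    except ValueError:
        return False
    return True


def check_wep_settings(profile):
    """Return ({key number: key length in bits}, [problem descriptions])."""
    bits, problems = {}, []
    for n in range(1, 5):
        name = f"Wi-Fi WEP Key {n}"
        value = profile.get(name)
        if value is None:  # documented default: null value
            continue
        try:
            bits[n] = len(parse_wep_key(value)) * 8  # 5 pairs = 40, 13 = 104
        except ValueError as exc:
            problems.append(f"{name}: {exc}")

    # Assumption: the default key ID matters only when the profile uses WEP.
    if profile.get("Wi-Fi Link Security", "Open") == "WEP":
        key_id = profile.get("Wi-Fi Default KEY ID", 1)  # documented default: 1
        if key_id not in bits:
            problems.append(
                f"Wi-Fi Default KEY ID: {key_id!r} does not refer to a "
                "configured, well-formed WEP key"
            )
    return bits, problems


# Constructed sample profile; the key values are the guide's format examples.
SAMPLE_PROFILE = {
    "Wi-Fi Link Security": "WEP",
    "Wi-Fi Default KEY ID": 2,
    "Wi-Fi WEP Key 1": "AB:CD:EF:01:23",
    "Wi-Fi WEP Key 2": "ab:cd:ef:01:23",  # lowercase: not the documented format
    "Wi-Fi WEP Key 3": "AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23",
}

if __name__ == "__main__":
    key_bits, found = check_wep_settings(SAMPLE_PROFILE)
    print("key lengths (bits):", key_bits)
    for problem in found:
        print("problem:", problem)
```
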

5 Examples of security policy goals

You can use IT policies and application control policies to meet your organization's security policy goals.

Example goal: Define permitted use of passwords for authentication on BlackBerry® devices.
Description:
• Require a password on the BlackBerry device.
• Configure features such as password duration, length, and strength.
• Require password patterns.
• Forbid specific passwords.

Example goal: Define the encryption strength that BlackBerry devices use to protect data.
Description:
• Extend encryption of data that is in transit between the sender and recipient of an email message or PIN message.
• Require the BlackBerry device to generate and use the content protection key to encrypt user data while the BlackBerry device is locked.
• Require the BlackBerry device to generate and use the principal encryption key to encrypt the device transport key while the BlackBerry device is locked.
• To require a specific standard of encryption strength, specify the level of FIPS compliance for the embedded cryptographic module that is required for basic operation of the BlackBerry device.

Example goal: Control application installation and use on BlackBerry devices.
Description:
• Prevent BlackBerry device users from downloading third-party applications over the wireless network.
• Specify whether applications on the BlackBerry device can establish specific types of connections.

Example goal: Block viruses and malicious user actions on BlackBerry devices.
Description:
• Specify the resources (for example, email, phone, and BlackBerry device key store) that a third-party application can access on the BlackBerry device.
• Specify the types of connections (for example, local, internal, and external) that a third-party application that is running on the BlackBerry device can open.
• Specify whether an application can access the user authenticator framework API, which permits the registration of drivers to provide two-factor authentication to unlock the BlackBerry device.

Example goal: Control Bluetooth® technology use on BlackBerry devices.
Description:
• Manage Bluetooth technology on BlackBerry devices.
• Prevent the use of Bluetooth technology on BlackBerry devices.
• Specify whether a BlackBerry device can pair with another Bluetooth enabled device.
• Specify whether the user can turn on and turn off the Bluetooth profiles that are on the BlackBerry device.

Defining acceptable use of passwords and passphrases on BlackBerry devices

| Scenario | Example IT policy rule | Example value |
| Extend your organization's password policy to BlackBerry® devices. | Password Required | True |
|  | Maximum Password Age | 30 (days) |
|  | Minimum Password Length | 8 (characters) |
|  | Password Pattern Checks | 2 (requires at least one alphabetic, one numeric, and one special character) |
|  | Forbidden Passwords | obvious and non-secure passwords (for example, “password,” usernames, and organization's names) |
|  | Set Password Timeout | 5 (minutes) |
|  | User Can Change Timeout | False |
| Delete all user data on the BlackBerry device if the user types the password incorrectly. | Set Maximum Password Attempts | 10 (number of incorrect passwords that a user types before the BlackBerry device data is deleted) |
| Do not permit users to reuse an expired password. | Maximum Password History | 10 (maximum number of previous passwords that the new password must be checked against) |
| Permit users to notify administrators if the BlackBerry device is in jeopardy of theft. | Duress Notification Address | email address that receives a notification message when a user types a password under duress |

Defining measures to protect BlackBerry devices from unauthorized use

| Scenario | Example IT policy rule | Example value |
| Extend your organization's password policy to BlackBerry® devices. |  |  |
| Lock the BlackBerry device automatically, regardless of user activity. | Enable Long-Term Timeout | True |
| Prompt the user to type a password, whether the BlackBerry device is idle or in use. | Periodic Challenge Time | 60 (minutes that can elapse before the user must type a password) |
| Lock the BlackBerry device automatically when a user inserts it in the holster. | Force Lock When Holstered | True |
| Lock the BlackBerry device automatically after a period of user inactivity. | Maximum Security Timeout | 5 (minutes of idle time that is permitted before the BlackBerry device locks) |

Defining the encryption strength that the BlackBerry device uses to protect data

| Scenario | Example IT policy rule | Example value |
| Protect user and application data on the BlackBerry® device. | Content Protection Strength | True |
| Protect the device transport key on a locked BlackBerry device. | Force Content Protection of Master Key | True |
| Specify the level of FIPS compliance on the BlackBerry device. | FIPS Level | 2 |
| Specify the algorithms that the BlackBerry device uses to encrypt and decrypt PGP® messages. | PGP Allowed Content Ciphers | AES (256-bit), AES (192-bit), AES (128-bit), and Triple DES |
| Specify the algorithms that the BlackBerry device uses to encrypt and decrypt S/MIME messages. | S/MIME Allowed Content Ciphers | AES (256-bit), AES (192-bit), AES (128-bit), and Triple DES |

Restricting unsecured messaging

| Scenario | Example IT policy rule | Example value |
| --- | --- | --- |
| To comply with industry regulations, make sure that all electronic communication between your employees and their clients is recorded. | Allow Other Browser Services | False |
| | Allow Other Message Services | False |
| | Allow Peer-to-Peer Messages | False |
| | Allow SMS | False |
| | Disable Forwarding Between Services | True |
| | Disable Cut/Copy/Paste | True |
| Prevent users from sending PIN messages. (Users can still receive PIN messages.) | Allow Peer-to-Peer Messages | False |
| Prevent users from sending SMS text messages. (Users can still receive SMS text messages.) | Allow SMS | False |
| Prevent users from forwarding or replying to messages using a different BlackBerry® Enterprise Server. | Disable Forwarding Between Services | True |
| Display message sensitivity using different message background colors. | Security Service Colors | colors of sensitive and nonsensitive messages in red-green-blue format |

Defining measures to prevent threats from viruses and malicious users

Consider using IT policy rules and application control policy rules to block threats from viruses and other methods of attack by users with malicious intent.


Limiting the resources that third-party applications installed on BlackBerry devices can access

| Scenario | Example application control policy rule | Value |
| --- | --- | --- |
| Prevent third-party Java® applications from accessing a list of domains using the BlackBerry® Browser. | Browser Filter Domains | addresses of the domains |
| Permit a third-party Java application to send and receive messages on a BlackBerry device. | Email | Allowed |
| Remove a third-party Java application from BlackBerry devices over the wireless network. | Disposition | Disallowed |
| Permit a third-party Java application to access the phone application on BlackBerry devices. | Phone Access | Allowed |
| Permit a third-party Java application to create public external network connections and permit connections to external domains without prompting users for a password on their BlackBerry devices. | External Network Connections | Allowed |
| | External Domains | addresses of the external domains |
| Permit a third-party Java application to establish connections to Bluetooth enabled devices. | Bluetooth Serial Profile | Allowed |
| | External Network Connections | Allowed |
| Prevent users from turning on a custom theme that was created using the Plazmic® Content Developer's Kit. | Themes | Disallowed |
| Prevent users from unlocking their BlackBerry devices using a BlackBerry® Smart Card Reader and an authentication password. | User Authenticator | Disallowed |


Limiting user control of third-party applications on BlackBerry devices

| Scenario | Example policy rule | Value |
| --- | --- | --- |
| Prevent third-party applications from accessing serial ports or USB ports on BlackBerry® devices. | Allow Third Party Apps to Use Serial Port (IT policy rule) | False |
| Prevent third-party applications from accessing the persistent store API on BlackBerry devices. | Allow Third Party Apps to Use Persistent Store (IT policy rule) | False |
| Prevent users from configuring and running add-in applications in the BlackBerry® Desktop Manager. | Desktop Allow Desktop Add-Ins (IT policy rule) | False |
| Prevent users from downloading third-party applications or themes to their BlackBerry devices. | Disallow Third Party Application Downloads (IT policy rule) | True |
| Prevent users from removing a third-party Java® application installed on their BlackBerry devices. | Disposition (application control policy rule) | Required |
| Prevent users from installing a third-party Java application on their BlackBerry devices. | Disposition (application control policy rule) | Required |
| Remove a third-party Java application from BlackBerry devices over the wireless network. | Disposition (application control policy rule) | Required |
| Prevent users from turning on a custom theme that was created using the BlackBerry® Theme Studio. | Themes (application control policy rule) | Required |
| Prevent users from unlocking their BlackBerry devices using a BlackBerry® Smart Card Reader and an authentication password. | User Authenticator (application control policy rule) | Required |
| Prevent users that are authenticating through a VPN connection from using third-party applications on their BlackBerry devices. | User Authenticator (application control policy rule) | Required |

Preventing RIM value-added applications from running on BlackBerry devices

You can use application control policy rules and IT policy rules to control whether Research In Motion® value-added applications are available on BlackBerry® devices. RIM value-added applications include the BlackBerry® Wallet and the ecommerce content optimization engine for the BlackBerry® Browser.


To prevent the RIM value-added applications from running on BlackBerry® Device Software versions earlier than 4.5, you can block all RIM value-added applications using the Disable RIM Value-Added Applications IT policy rule, or you can block specific RIM value-added applications using application-specific IT policy rules.

To prevent the RIM value-added applications from running on BlackBerry Device Software version 4.5 or later, you can use any of the following application-specific methods:

| Application | Method |
| --- | --- |
| BlackBerry Wallet | • Configure the Disable BlackBerry Wallet IT policy rule to True. |
| | • Apply an application control policy rule to block all third-party applications, or apply an application control policy to block specific RIM value-added applications if you want to remove the RIM value-added applications from BlackBerry devices. |
| | • Configure the Disable RIM Value-Added Applications IT policy rule to True. |
| ecommerce content optimization engine for the BlackBerry Browser | • Configure the Disable Ecommerce Content Optimization Engine IT policy rule to True. |
| | • Apply an application control policy rule to block all third-party applications, or apply an application control policy to block specific RIM value-added applications if you want to remove the RIM value-added applications from BlackBerry devices. |
| | • Configure the Disable RIM Value-Added Applications IT policy rule to True. |

You can apply the Disposition application control policy rule to RIM value-added applications only. Other application control policy rules do not apply to RIM value-added applications.


Glossary 6

A2DP: Advanced Audio Distribution Profile
AES: Advanced Encryption Standard
APB: all points bulletin
API: application programming interface
APN: access point name
ASCII: American Standard Code for Information Interchange
AVRCP: Audio/Video Remote Control Profile
BCC: blind carbon copy
BlackBerry MDS: BlackBerry® Mobile Data System
BSM: browser session manager
CAST: Computer Assisted Seriation Test
CHAP: Challenge Handshake Authentication Protocol
COM: Component Object Model
CRL: certificate revocation list


DES: Data Encryption Standard
DHCP: Dynamic Host Configuration Protocol
DNS: Domain Name System
DSA: Digital Signature Algorithm
DTMF: Dual Tone Multiple-frequency
DUN: Dial-up Networking
EAP: Extensible Authentication Protocol
EAP-FAST: Extensible Authentication Protocol Flexible Authentication via Secure Tunneling
EAP-TLS: Extensible Authentication Protocol Transport Layer Security
EAP-TTLS: Extensible Authentication Protocol Tunneled Transport Layer Security
ECC: Elliptic Curve Cryptography
FIPS: Federal Information Processing Standards
FQDN: fully qualified domain name
GAN: generic access network
GPS: Global Positioning System


HFP: Hands-Free Profile
HSP: Headset Profile
HTML: Hypertext Markup Language
HTTPS: Hypertext Transfer Protocol over Secure Sockets Layer
IKE: Internet Key Exchange
IMEI: International Mobile Equipment Identity
IOT: interoperability test
IP: Internet Protocol
IPSec: Internet Protocol Security
LEAP: Lightweight Extensible Authentication Protocol
LED: light-emitting diode
MDS: Mobile Data System
MFH: message from handheld
MMS: Multimedia Messaging Service
MTH: message to handheld


NAT: network address translation
OBEX: Object Exchange
PAC: proxy auto-configuration
PBX: Private Branch Exchange
PEAP: Protected Extensible Authentication Protocol
PFS: Perfect Forward Secrecy
PGP: Pretty Good Privacy
PIM: personal information management
PIN: personal identification number
PKI: Public Key Infrastructure
PSK: pre-shared key
RNG: random number generator
RTP: Real-time Transport Protocol
SAN: subject alternative name
SHA: Secure Hash Algorithm


SIM: Subscriber Identity Module
SIP: Session Initiation Protocol
S/MIME: Secure Multipurpose Internet Mail Extensions
SMS: Short Message Service
SPP: Serial Port Profile
SSID: service set identifier
TCP: Transmission Control Protocol
TLS: Transport Layer Security
TUI: telephone UI
UDP: User Datagram Protocol
UID: unique identifier
USB: Universal Serial Bus
VoIP: Voice over Internet Protocol
VPN: virtual private network
WAN: wide area network


WAP: Wireless Application Protocol
WEP: Wired Equivalent Privacy
WLAN: wireless local area network
WTLS: Wireless Transport Layer Security


Provide feedback 7

To provide feedback on this deliverable, visit www.blackberry.com/docsfeedback.


Legal notice 8

©2009 Research In Motion Limited. All rights reserved. BlackBerry®, RIM®, Research In Motion®, SureType®, SurePress™ and related trademarks, names, and logos are the property of Research In Motion Limited and are registered and/or used in the U.S. and countries around the world.

3GPP is a trademark of 3GPP. AIM, AOL Instant Messenger, and ICQ are trademarks of AOL LLC. Bluetooth is a trademark of Bluetooth SIG. DataViz and Documents to Go are trademarks of DataViz. Entrust and Entrust Entelligence are trademarks of Entrust, Inc. Facebook is a trademark of Facebook, Inc. Google Talk and Picasa are trademarks of Google Inc. IrDA is a trademark of Infrared Data Association. IBM, Domino, Lotus, Lotus Notes, Quickr, and Sametime are trademarks of International Business Machines Corporation. Kodiak PTT is a trademark of Kodiak Networks Inc. Microsoft, Active Directory, and Windows Live are trademarks of Microsoft Corporation. NetScreen is a trademark of Juniper Networks, Inc. Novell and GroupWise are trademarks of Novell, Inc. PGP is a trademark of PGP Corporation. Plazmic is a trademark of Plazmic Inc. Roxio is a trademark of Sonic Solutions. RSA and RSA SecurID are trademarks of RSA Security. Java and JavaScript are trademarks of Sun Microsystems, Inc. TiVo is a trademark of TiVo Inc. T-Mobile is a trademark of Deutsche Telekom AG. Wi-Fi is a trademark of the Wi-Fi Alliance. Flickr and Yahoo! Messenger are trademarks of Yahoo! Inc. All other trademarks are the property of their respective owners.

The BlackBerry smartphone and other devices and/or associated software are protected by copyright, international treaties, and various patents, including one or more of the following U.S. patents: 6,278,442; 6,271,605; 6,219,694; 6,075,470; 6,073,318; D445,428; D433,460; D416,256. Other patents are registered or pending in the U.S. and in various countries around the world. Visit www.rim.com/patents for a list of RIM (as hereinafter defined) patents.

This documentation including all documentation incorporated by reference herein such as documentation provided or made available at www.blackberry.com/go/docs is provided or made accessible "AS IS" and "AS AVAILABLE" and without condition, endorsement, guarantee, representation, or warranty of any kind by Research In Motion Limited and its affiliated companies ("RIM") and RIM assumes no responsibility for any typographical, technical, or other inaccuracies, errors, or omissions in this documentation. In order to protect RIM proprietary and confidential information and/or trade secrets, this documentation may describe some aspects of RIM technology in generalized terms. RIM reserves the right to periodically change information that is contained in this documentation; however, RIM makes no commitment to provide any such changes, updates, enhancements, or other additions to this documentation to you in a timely manner or at all.

This documentation might contain references to third-party sources of information, hardware or software, products or services including components and content such as content protected by copyright and/or third-party web sites (collectively the "Third Party Products and Services"). RIM does not control, and is not responsible for, any Third Party Products and Services including, without limitation the content, accuracy, copyright compliance, compatibility, performance, trustworthiness, legality, decency, links, or any other aspect of Third Party Products and Services. The inclusion of a reference to Third Party Products and Services in this documentation does not imply endorsement by RIM of the Third Party Products and Services or the third party in any way.

EXCEPT TO THE EXTENT SPECIFICALLY PROHIBITED BY APPLICABLE LAW IN YOUR JURISDICTION, ALL CONDITIONS, ENDORSEMENTS, GUARANTEES, REPRESENTATIONS, OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, ANY CONDITIONS, ENDORSEMENTS, GUARANTEES, REPRESENTATIONS OR WARRANTIES OF DURABILITY, FITNESS FOR A PARTICULAR PURPOSE OR USE, MERCHANTABILITY, MERCHANTABLE QUALITY, NON-INFRINGEMENT, SATISFACTORY QUALITY, OR TITLE, OR ARISING FROM A STATUTE OR CUSTOM OR A COURSE OF DEALING OR USAGE OF TRADE, OR RELATED TO THE DOCUMENTATION OR ITS USE, OR PERFORMANCE OR NON-PERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES REFERENCED HEREIN, ARE HEREBY EXCLUDED. YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY BY STATE OR PROVINCE. SOME JURISDICTIONS MAY NOT ALLOW THE EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES AND CONDITIONS. TO THE EXTENT PERMITTED BY LAW, ANY IMPLIED WARRANTIES OR CONDITIONS RELATING TO THE DOCUMENTATION TO THE EXTENT THEY CANNOT BE EXCLUDED AS SET OUT ABOVE, BUT CAN BE LIMITED, ARE HEREBY LIMITED TO NINETY (90) DAYS FROM THE DATE YOU FIRST ACQUIRED THE DOCUMENTATION OR THE ITEM THAT IS THE SUBJECT OF THE CLAIM.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, IN NO EVENT SHALL RIM BE LIABLE FOR ANY TYPE OF DAMAGES RELATED TO THIS DOCUMENTATION OR ITS USE, OR PERFORMANCE OR NON-PERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES REFERENCED HEREIN INCLUDING WITHOUT LIMITATION ANY OF THE FOLLOWING DAMAGES: DIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, INDIRECT, SPECIAL, PUNITIVE, OR AGGRAVATED DAMAGES, DAMAGES FOR LOSS OF PROFITS OR REVENUES, FAILURE TO REALIZE ANY EXPECTED SAVINGS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, LOSS OF BUSINESS OPPORTUNITY, OR CORRUPTION OR LOSS OF DATA, FAILURES TO TRANSMIT OR RECEIVE ANY DATA, PROBLEMS ASSOCIATED WITH ANY APPLICATIONS USED IN CONJUNCTION WITH RIM PRODUCTS OR SERVICES, DOWNTIME COSTS, LOSS OF THE USE OF RIM PRODUCTS OR SERVICES OR ANY PORTION THEREOF OR OF ANY AIRTIME SERVICES, COST OF SUBSTITUTE GOODS, COSTS OF COVER, FACILITIES OR SERVICES, COST OF CAPITAL, OR OTHER SIMILAR PECUNIARY LOSSES, WHETHER OR NOT SUCH DAMAGES WERE FORESEEN OR UNFORESEEN, AND EVEN IF RIM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, RIM SHALL HAVE NO OTHER OBLIGATION, DUTY, OR LIABILITY WHATSOEVER IN CONTRACT, TORT, OR OTHERWISE TO YOU INCLUDING ANY LIABILITY FOR NEGLIGENCE OR STRICT LIABILITY.

THE LIMITATIONS, EXCLUSIONS, AND DISCLAIMERS HEREIN SHALL APPLY: (A) IRRESPECTIVE OF THE NATURE OF THE CAUSE OF ACTION, DEMAND, OR ACTION BY YOU INCLUDING BUT NOT LIMITED TO BREACH OF CONTRACT, NEGLIGENCE, TORT, STRICT LIABILITY OR ANY OTHER LEGAL THEORY AND SHALL SURVIVE A FUNDAMENTAL BREACH OR BREACHES OR THE FAILURE OF THE ESSENTIAL PURPOSE OF THIS AGREEMENT OR OF ANY REMEDY CONTAINED HEREIN; AND (B) TO RIM AND ITS AFFILIATED COMPANIES, THEIR SUCCESSORS, ASSIGNS, AGENTS, SUPPLIERS (INCLUDING AIRTIME SERVICE PROVIDERS), AUTHORIZED RIM DISTRIBUTORS (ALSO INCLUDING AIRTIME SERVICE PROVIDERS) AND THEIR RESPECTIVE DIRECTORS, EMPLOYEES, AND INDEPENDENT CONTRACTORS.

IN ADDITION TO THE LIMITATIONS AND EXCLUSIONS SET OUT ABOVE, IN NO EVENT SHALL ANY DIRECTOR, EMPLOYEE, AGENT, DISTRIBUTOR, SUPPLIER, INDEPENDENT CONTRACTOR OF RIM OR ANY AFFILIATES OF RIM HAVE ANY LIABILITY ARISING FROM OR RELATED TO THE DOCUMENTATION.

Prior to subscribing for, installing, or using any Third Party Products and Services, it is your responsibility to ensure that your airtime service provider has agreed to support all of their features. Some airtime service providers might not offer Internet browsing functionality with a subscription to the BlackBerry® Internet Service. Check with your service provider for availability, roaming arrangements, service plans and features. Installation or use of Third Party Products and Services with RIM's products and services may require one or more patent, trademark, copyright, or other licenses in order to avoid infringement or violation of third party rights. You are solely responsible for determining whether to use Third Party Products and Services and if any third party licenses are required to do so. If required you are responsible for acquiring them. You should not install or use Third Party Products and Services until all necessary licenses have been acquired. Any Third Party Products and Services that are provided with RIM's products and services are provided as a convenience to you and are provided "AS IS" with no express or implied conditions, endorsements, guarantees, representations, or warranties of any kind by RIM and RIM assumes no liability whatsoever, in relation thereto. Your use of Third Party Products and Services shall be governed by and subject to you agreeing to the terms of separate licenses and other agreements applicable thereto with third parties, except to the extent expressly covered by a license or other agreement with RIM.

Certain features outlined in this documentation require a minimum version of BlackBerry® Enterprise Server, BlackBerry® Desktop Software, and/or BlackBerry® Device Software.

The terms of use of any RIM product or service are set out in a separate license or other agreement with RIM applicable thereto. NOTHING IN THIS DOCUMENTATION IS INTENDED TO SUPERSEDE ANY EXPRESS WRITTEN AGREEMENTS OR WARRANTIES PROVIDED BY RIM FOR PORTIONS OF ANY RIM PRODUCT OR SERVICE OTHER THAN THIS DOCUMENTATION.

Research In Motion Limited
295 Phillip Street
Waterloo, ON N2L 3W8
Canada

Research In Motion UK Limited Centrum House 36 Station Road Egham, Surrey TW20 9LF United Kingdom

Published in Canada
