How to disable Mobile Data Service (MDS) for a specific user in BES?

I have a Blackberry Enterprise Server (BES) version 4.1 and some Blackberry users. Right now MDS is running on the BES. Blackberry users are able to connect to the internal network through MDS. To increase security, I would like to disable MDS for some Blackberry users but not all.
I created a new IT policy called NoMDS: disable MDS Runtime Environment=true for the MDS policy group, assigned NoMDS to userA, and resent the IT policy to userA. But userA is still able to use MDS to connect to the internal network.
Q#1. If I just want to enable phone and email for userA, but not the Blackberry browser or connection to the internal network, how do I achieve this?
Q#2. Can someone post a baseline IT policy for the BES? Or what services should be usually shut down?
BlackBerryLinks_com Commented:
The Mobile Data Service in BES 4.1 is not the part for connecting to the Internet; that is the MDS Connection services. Here are some of the IT policies you have to set (for no browsing):

Allow IBS Browser FALSE  
Enable WAP Config FALSE
Allow Browser FALSE
Allow Other Browser Services FALSE
Allow External Connections FALSE
Allow Internal Connections FALSE

In this document you will find all the IT policies:

SysExpert Commented:
1) See if you can remove the MDS component in the policy - check for more options
2) Depends on what you want. The default is secure but does not do everything.

No forced password on the BB device, and open browser for BB and Internet.

You simply have to go over all the options and do some testing.

Did you check the log on the user or the server?

I hope this helps!
richtree (Author) Commented:
Hi Bob,
Thanks for your tips. Here are the results from testing:
browser policy group->allow IBS browser: for Internet browser.
global items->allow browser: for Blackberry browser.
service exclusivity policy group->allow other browser service: for all browser services, Blackberry, WAP, Internet browsers.
richtree (Author) Commented:
Thank you all.
richtree (Author) Commented:
device-only items->enable wap config: seems not related
security policy group->allow internal connections: seems not related
security policy group->allow external connections: seems not related
This is that also non browser application can not go to the internet.

Question has a verified solution.
