I have a Blackberry Enterprise Server (BES) version 4.1 and some Blackberry users. Right now MDS is running on BES. Blackberry users are able to connect to internal network through MDS. To increase security, I like to disable MDS for some Blackberry users but not all.
I created a new IT policy called NoMDS: disable MDS Runtime Environment=true for MDS policy group and assign NoMDS to suerA, resend IT policy to userA. But userA is still able to use MDS to connect to internal network.
Q#1. If I just want to enable phone, email for userA, but not Blackberry browser or connection to internal network, how to achieve this?
Q#2. Can someone post a baseline IT policy for the BES? Or what services should be usually shut down?