Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.
COURSE of the MONTH
9 days, 6 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Soon to enforce PIN on smartphones, what will happen?
Posted on 2011-03-07
I am about to enforce PIN policies on our BES, and our OWA servers, for any mobile device attaching to our exchange server. We do not issue devices, so they are not our properity, so the only way I can do this is by setting the policy on the BES and on Exchange.
My question is the actual mechanics of the process once I set the rules. In other words, what will the users see? Will the device show a warning that a pin must be established before it will allow connection to the OWA/BES server? Or will is simply stop sync'ing until a PIN is set?
Thanks much
My question is the actual mechanics of the process once I set the rules. In other words, what will the users see? Will the device show a warning that a pin must be established before it will allow connection to the OWA/BES server? Or will is simply stop sync'ing until a PIN is set?
Thanks much
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
4
2
- +1
8 Comments
Yes they need to put the PIN once, but the existing users need to be activated once again.
Please read below guidlines carefully.
Managing BlackBerry device access to the BlackBerry Enterprise Server
You can use the Enterprise Service Policy to control which BlackBerry® devices can connect to a BlackBerry Enterprise Server. By default, after you turn on the Enterprise Service Policy, the BlackBerry Enterprise Server permits connections from any BlackBerry device or BlackBerry enabled device that you previously associated with the BlackBerry Enterprise Server. The BlackBerry Enterprise Server also prevents connections from any BlackBerry device that you associate with the BlackBerry Enterprise Server after you turn on the Enterprise Service Policy.
You can configure an allowed list to determine which BlackBerry devices can access a BlackBerry Enterprise Server. A BlackBerry device that meets the criteria that you specify in the allowed list can associate with the BlackBerry Enterprise Server when the BlackBerry device activates over the wireless network.
You can define the following types of criteria:
* specific BlackBerry device PINs
* range of BlackBerry device PINs
* specific manufacturers
* specific BlackBerry device models
The BlackBerry Administration Service includes lists of permitted manufacturers and models of BlackBerry devices that you associated with the BlackBerry Enterprise Server previously.
You can permit a user to override the Enterprise Service Policy so that a BlackBerry device or BlackBerry enabled device can connect to the BlackBerry Enterprise Server even if you configure the allowed list with criteria that exclude that BlackBerry device or BlackBerry enabled device.
For more information, see the BlackBerry Enterprise Server Administration Guide.
Turn on the Enterprise Service Policy
You can turn on the Enterprise Service Policy to control which BlackBerry® devices can connect to the BlackBerry Enterprise Server.
1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view.
2. Click BlackBerry Enterprise Server.
3. Click Turn on Enterprise Service Policy.
4. Click Yes - Turn on enterprise service policy.
Configure the Enterprise Service Policy
By default, when you turn on the Enterprise Service Policy, all BlackBerry® devices that you activated can access the BlackBerry Enterprise Server. You must configure the Enterprise Service Policy to specify the BlackBerry devices that you want to access the BlackBerry Enterprise Server. To add a new BlackBerry device to the BlackBerry Enterprise Server, you must add the PIN for the BlackBerry device to the Enterprise Service Policy before a user can activate the BlackBerry device.
Before you begin: Turn on the Enterprise Service Policy.
1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view.
2. Click BlackBerry Enterprise Server.
3. Click Edit component.
4. In the Enterprise Service Policy section, in the Allowed drop-down list, click Yes for each BlackBerry device model that you want to permit to access the BlackBerry Enterprise Server.
5. To add a new BlackBerry device, on the Add New Allowed PINs tab, in the New Allowed PINs field, type the PIN for the BlackBerry device. Click the Add icon.
6. To remove a BlackBerry device from the list, on the Removing Existing Allowed Pins tab, in the PINs section, select the PIN for the BlackBerry device.
7. Click Save All.
Permit a user to override the Enterprise Service Policy
Before you begin:Turn on the Enterprise Service Policy.
1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.
2. Click Manage users.
3. Search for a user account.
4. Click the display name for the user account.
5. Click Edit user.
6. On the Component information tab, in the BlackBerry Enterprise Server information section, in the Enterprise service policy override drop-down list, click True.
7. Click Save All.
Please read below guidlines carefully.
Managing BlackBerry device access to the BlackBerry Enterprise Server
You can use the Enterprise Service Policy to control which BlackBerry® devices can connect to a BlackBerry Enterprise Server. By default, after you turn on the Enterprise Service Policy, the BlackBerry Enterprise Server permits connections from any BlackBerry device or BlackBerry enabled device that you previously associated with the BlackBerry Enterprise Server. The BlackBerry Enterprise Server also prevents connections from any BlackBerry device that you associate with the BlackBerry Enterprise Server after you turn on the Enterprise Service Policy.
You can configure an allowed list to determine which BlackBerry devices can access a BlackBerry Enterprise Server. A BlackBerry device that meets the criteria that you specify in the allowed list can associate with the BlackBerry Enterprise Server when the BlackBerry device activates over the wireless network.
You can define the following types of criteria:
* specific BlackBerry device PINs
* range of BlackBerry device PINs
* specific manufacturers
* specific BlackBerry device models
The BlackBerry Administration Service includes lists of permitted manufacturers and models of BlackBerry devices that you associated with the BlackBerry Enterprise Server previously.
You can permit a user to override the Enterprise Service Policy so that a BlackBerry device or BlackBerry enabled device can connect to the BlackBerry Enterprise Server even if you configure the allowed list with criteria that exclude that BlackBerry device or BlackBerry enabled device.
For more information, see the BlackBerry Enterprise Server Administration Guide.
Turn on the Enterprise Service Policy
You can turn on the Enterprise Service Policy to control which BlackBerry® devices can connect to the BlackBerry Enterprise Server.
1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view.
2. Click BlackBerry Enterprise Server.
3. Click Turn on Enterprise Service Policy.
4. Click Yes - Turn on enterprise service policy.
Configure the Enterprise Service Policy
By default, when you turn on the Enterprise Service Policy, all BlackBerry® devices that you activated can access the BlackBerry Enterprise Server. You must configure the Enterprise Service Policy to specify the BlackBerry devices that you want to access the BlackBerry Enterprise Server. To add a new BlackBerry device to the BlackBerry Enterprise Server, you must add the PIN for the BlackBerry device to the Enterprise Service Policy before a user can activate the BlackBerry device.
Before you begin: Turn on the Enterprise Service Policy.
1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view.
2. Click BlackBerry Enterprise Server.
3. Click Edit component.
4. In the Enterprise Service Policy section, in the Allowed drop-down list, click Yes for each BlackBerry device model that you want to permit to access the BlackBerry Enterprise Server.
5. To add a new BlackBerry device, on the Add New Allowed PINs tab, in the New Allowed PINs field, type the PIN for the BlackBerry device. Click the Add icon.
6. To remove a BlackBerry device from the list, on the Removing Existing Allowed Pins tab, in the PINs section, select the PIN for the BlackBerry device.
7. Click Save All.
Permit a user to override the Enterprise Service Policy
Before you begin:Turn on the Enterprise Service Policy.
1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.
2. Click Manage users.
3. Search for a user account.
4. Click the display name for the user account.
5. Click Edit user.
6. On the Component information tab, in the BlackBerry Enterprise Server information section, in the Enterprise service policy override drop-down list, click True.
7. Click Save All.
Thanks, that seems a bit more then I was looking for, as I see the password requirement section of the default IT policy on the BES. I am not looking to assign specific pins to specific devices, only require devices to have a pin set.
As I understand it, all i need to change is in the global server properties - IT policy - device only items - Password Required = True - Minumum Password Length = X - User can disable password = False. Then I can add additional rules in the password section if I choose to.
And you say that I will need to apply the policy, remove all the existing users and reactivate them? That is not making me happy...
As I understand it, all i need to change is in the global server properties - IT policy - device only items - Password Required = True - Minumum Password Length = X - User can disable password = False. Then I can add additional rules in the password section if I choose to.
And you say that I will need to apply the policy, remove all the existing users and reactivate them? That is not making me happy...
Hmm. Odd. I just spoke to a Blackberry Tech support rep who told me in no uncertain terms that I will NOT need to be reactivated. Any devices that do not have a pin set at the time the policy is pushed will simply display a "set pin" message and will remain at that prompt until the pin is set...
Hi,
I presume you mean PIN protection on the device not restricting the devices connecting to your BES using the BlackBerry PIN number?
For BlackBerry, to enforce a PIN, you'll need to do this via an IT Policy. You can create one in advance, assign it to a group and then make your colleagues members of the group as you see fit (i.e. staged etc.). Don't forget to configure complexity, validity (days), history and prevent users from disabling it.
When you update the policy, the user's device will lock and they will be prompted to enter their new PIN/Password on the device.
Regards,
RobMobility.
I presume you mean PIN protection on the device not restricting the devices connecting to your BES using the BlackBerry PIN number?
For BlackBerry, to enforce a PIN, you'll need to do this via an IT Policy. You can create one in advance, assign it to a group and then make your colleagues members of the group as you see fit (i.e. staged etc.). Don't forget to configure complexity, validity (days), history and prevent users from disabling it.
When you update the policy, the user's device will lock and they will be prompted to enter their new PIN/Password on the device.
Regards,
RobMobility.
Yes, that is correct.. A simple keylock. Not BES access. Device lock only.
Odd though, I had a user (albeit a very non technical one) set a password on his curve 3g and it seems that the device only prompts for the pin when it is powered off, but not when it is locked (by pressing the button on the top of the device).
Odd though, I had a user (albeit a very non technical one) set a password on his curve 3g and it seems that the device only prompts for the pin when it is powered off, but not when it is locked (by pressing the button on the top of the device).
Hi,
Just to follow on, you do not need to reactivate any users - changing the IT Policy or creating a new one and assigning this to the users does not require reactivation.
Setting local PIN/Password (i.e. not centrally configured) can work differently depending on what other options have been enabled/configured by the user.
Regards,
RobMobility.
Just to follow on, you do not need to reactivate any users - changing the IT Policy or creating a new one and assigning this to the users does not require reactivation.
Setting local PIN/Password (i.e. not centrally configured) can work differently depending on what other options have been enabled/configured by the user.
Regards,
RobMobility.
Ok, i see that. Sorry for the additional questions, but how is the local pin/password different from setting the password requirement in the IT policy? Arent they the same?
Featured Post
ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.
One of a set of tools we're offering as a way to say thank you for being a part of the community.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Read this checklist to learn more about the 15 things you should never include in an email signature.
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online.
The email signature template has been downloaded from:
www.mail-signatures…
Suggested Courses
Course of the Month9 days, 6 hours left to enroll
764 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.