Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® Enterprise Service 10

Reply
Contributor
hutchingsp
Posts: 40
Registered: ‎11-23-2010
My Device: Not Specified

Restricting BES Express user to Exchange functionality only?

Is there a way using BES Express 5.0.3 that I can limit a user so they can only access Exchange functionality?

I'd sooner they weren't able to use their Blackberry to access anything on the LAN, and ideally all web traffic should go via their carrier and not our BES Express.

Thanks.

Please use plain text.
Developer
Gareth
Posts: 229
Registered: ‎05-14-2008
My Device: 8520, 9700

Re: Restricting BES Express user to Exchange functionality only?

Hi.

 

 

 

BES Express is your achilles on this one.

 

We worked through this extensively and found that because the Policy does not cater for IBS/WAP/BB Browsers like Premium BES, you may need to disable the MDS Service. The browser will kick over onto IBS for browsing but doing this will and may impact other Browser reliant Apps that are fixed to using BlackBerry Browser (Corp) and so may fail.

 

Work through the IT Policy for what its worth, create a new one and leave Default as is.

Also go through the components to ascertain denial of other things that suites your needs, again limited due to BES Express.

 

--

Gareth

Please use plain text.
Contributor
hutchingsp
Posts: 40
Registered: ‎11-23-2010
My Device: Not Specified

Re: Restricting BES Express user to Exchange functionality only?

Thanks Gareth, I was just reading http://www.blackberry.com/btsc/KB10342

It seems you can do most of this on Express, but it isn't entirely clear of the implications, plus you seem to have to apply the rules per user, you can't do it by group.

Don't suppose you have any thoughts on the steps it lists and how effective they are do you?
Please use plain text.
Developer
Gareth
Posts: 229
Registered: ‎05-14-2008
My Device: 8520, 9700

Re: Restricting BES Express user to Exchange functionality only?

In terms of browsing, BES Express will by default use the Corp proxy, If you want to control that, I would honestly just manage it at the Proxy. Allow the browsing, if you require pre-authentication via the MDS setup this up, depending on your setup wrt Proxies and then manage site browsing via the proxy. This becomes a mental thing for the users that they are already aware what would be blocked whether Desktop or Handheld.

 

You will be restricted further for other options due to the limited IT Policy.

 

This article might work if you try deny all, this may just force the Browser calls via IBS.

I have not played with this in great detail, I would need to do that to advise further.

 

If this is possible for you, even on a temp VM, temp OS, install another BES Express.

Activate yourself on this, (Could transport yourself using BRK Transporter) and then play with these options to validate their use in your environment.

Please use plain text.
Contributor
hutchingsp
Posts: 40
Registered: ‎11-23-2010
My Device: Not Specified

Re: Restricting BES Express user to Exchange functionality only?

Playing within a VM is an option, I was simply hoping there would be a quick "don't allow access to anything on the LAN" option so that no apps could do anything but access the internet directly - wishful thinking perhaps :smileyhappy:
Please use plain text.
Developer
Gareth
Posts: 229
Registered: ‎05-14-2008
My Device: 8520, 9700

Re: Restricting BES Express user to Exchange functionality only?

Check this first, under: BlackBerry Solution topology > BlackBerry Domain > Component view > Edit (MDS Connection Service) > HTTP

 

What is the Authentication Support set to?

If yes, set to No save and restart MDS Connection Service and retry LAN File access.

This is the minimum requirement for internal LAN/Intranet access. http://www.blackberry.com/btsc/KB23674

=============================

Look at this article, it may help. http://www.blackberry.com/btsc/KB21905

Document whats their already and remove the Config Sets.

Please use plain text.
Contributor
hutchingsp
Posts: 40
Registered: ‎11-23-2010
My Device: Not Specified

Re: Restricting BES Express user to Exchange functionality only?

It's set to "no". Presumably that would only affect http though and would still allow them to authenticate?

What I would like is for there to be zero access to anything on our LAN using an app on the blackberry, no files, no rdp, nothing other than email/exchange sync and direct internet access.
Please use plain text.
Developer
Gareth
Posts: 229
Registered: ‎05-14-2008
My Device: 8520, 9700

Re: Restricting BES Express user to Exchange functionality only?

Express again, your achilles.

 

Try the other article regarding Config Sets

 

Also deny Applications by means of Software Configurations and Deny apps from being installed.

This topic is long winded you will need to work through.

Please use plain text.
Guru III
knottyrope
Posts: 30,376
Registered: ‎06-25-2008
My Device:

I'm rockin the BlackBerry Passport, Z30, Z10, Q10, BlackBerry Mini Stereo Speaker, 64 gig PlayBook, BlackBerry Wireless Headset HS-700

My Carrier: I am on AT&T. Please edit your Personal Profile with your DEVICE TYPE, DEVICE OS and Carrier

Re: Restricting BES Express user to Exchange functionality only?

[ Edited ]

If you dont want it to access your LAN, deny access via your firewall to other servers and only allow to email server, SQL and domain controller..

 

I dont know of any apps that will look at your LAN as most would not know your LAN setup.

 

as for RDP, the above works.

 




Click here to Backup the data on your BlackBerry Device! It's important, and FREE!


Click "Accept as Solution" if your problem is solved. To give thanks, click thumbs up
Click to search the Knowledge Base at BTSC and click to Read The Fabulous Manuals

BESAdmin's, please make a signature with your BES environment info.


SIM Free BlackBerry Unlocking FAQ
Follow me on Twitter @knottyrope


Want to thank me? Buy my KnottyRope App here


BES 5.0.4 and BES 10.2.2 with Exchange 2010 and SQL 2008


Please use plain text.