Hi.

 

 

 

BES Express is your achilles on this one.

 

We worked through this extensively and found that because the Policy does not cater for IBS/WAP/BB Browsers like Premium BES, you may need to disable the MDS Service. The browser will kick over onto IBS for browsing but doing this will and may impact other Browser reliant Apps that are fixed to using BlackBerry Browser (Corp) and so may fail.

 

Work through the IT Policy for what its worth, create a new one and leave Default as is.

Also go through the components to ascertain denial of other things that suites your needs, again limited due to BES Express.

 

--

Gareth

Thanks Gareth, I was just reading http://www.blackberry.com/btsc/KB10342

It seems you can do most of this on Express, but it isn't entirely clear of the implications, plus you seem to have to apply the rules per user, you can't do it by group.

Don't suppose you have any thoughts on the steps it lists and how effective they are do you?

In terms of browsing, BES Express will by default use the Corp proxy, If you want to control that, I would honestly just manage it at the Proxy. Allow the browsing, if you require pre-authentication via the MDS setup this up, depending on your setup wrt Proxies and then manage site browsing via the proxy. This becomes a mental thing for the users that they are already aware what would be blocked whether Desktop or Handheld.

 

You will be restricted further for other options due to the limited IT Policy.

 

This article might work if you try deny all, this may just force the Browser calls via IBS.

I have not played with this in great detail, I would need to do that to advise further.

 

If this is possible for you, even on a temp VM, temp OS, install another BES Express.

Activate yourself on this, (Could transport yourself using BRK Transporter) and then play with these options to validate their use in your environment.

Playing within a VM is an option, I was simply hoping there would be a quick "don't allow access to anything on the LAN" option so that no apps could do anything but access the internet directly - wishful thinking perhaps

Check this first, under: BlackBerry Solution topology > BlackBerry Domain > Component view > Edit (MDS Connection Service) > HTTP

 

What is the Authentication Support set to?

If yes, set to No save and restart MDS Connection Service and retry LAN File access.

This is the minimum requirement for internal LAN/Intranet access. http://www.blackberry.com/btsc/KB23674

=============================

Look at this article, it may help. http://www.blackberry.com/btsc/KB21905

Document whats their already and remove the Config Sets.

It's set to "no". Presumably that would only affect http though and would still allow them to authenticate?

What I would like is for there to be zero access to anything on our LAN using an app on the blackberry, no files, no rdp, nothing other than email/exchange sync and direct internet access.

Express again, your achilles.

 

Try the other article regarding Config Sets

 

Also deny Applications by means of Software Configurations and Deny apps from being installed.

This topic is long winded you will need to work through.