05-31-2012 03:15 AM
Is there a way using BES Express 5.0.3 that I can limit a user so they can only access Exchange functionality?
I'd sooner they weren't able to use their Blackberry to access anything on the LAN, and ideally all web traffic should go via their carrier and not our BES Express.
05-31-2012 04:28 AM
BES Express is your achilles on this one.
We worked through this extensively and found that because the Policy does not cater for IBS/WAP/BB Browsers like Premium BES, you may need to disable the MDS Service. The browser will kick over onto IBS for browsing but doing this will and may impact other Browser reliant Apps that are fixed to using BlackBerry Browser (Corp) and so may fail.
Work through the IT Policy for what its worth, create a new one and leave Default as is.
Also go through the components to ascertain denial of other things that suites your needs, again limited due to BES Express.
05-31-2012 04:46 AM
05-31-2012 05:24 AM
In terms of browsing, BES Express will by default use the Corp proxy, If you want to control that, I would honestly just manage it at the Proxy. Allow the browsing, if you require pre-authentication via the MDS setup this up, depending on your setup wrt Proxies and then manage site browsing via the proxy. This becomes a mental thing for the users that they are already aware what would be blocked whether Desktop or Handheld.
You will be restricted further for other options due to the limited IT Policy.
This article might work if you try deny all, this may just force the Browser calls via IBS.
I have not played with this in great detail, I would need to do that to advise further.
If this is possible for you, even on a temp VM, temp OS, install another BES Express.
Activate yourself on this, (Could transport yourself using BRK Transporter) and then play with these options to validate their use in your environment.
05-31-2012 05:28 AM
05-31-2012 05:46 AM
Check this first, under: BlackBerry Solution topology > BlackBerry Domain > Component view > Edit (MDS Connection Service) > HTTP
What is the Authentication Support set to?
If yes, set to No save and restart MDS Connection Service and retry LAN File access.
This is the minimum requirement for internal LAN/Intranet access. http://www.blackberry.com/btsc/KB23674
Look at this article, it may help. http://www.blackberry.com/btsc/KB21905
Document whats their already and remove the Config Sets.
05-31-2012 05:52 AM
05-31-2012 06:04 AM
Express again, your achilles.
Try the other article regarding Config Sets
Also deny Applications by means of Software Configurations and Deny apps from being installed.
This topic is long winded you will need to work through.
I am on AT&T. Please edit your Personal Profile with your DEVICE TYPE, DEVICE OS and Carrier
05-31-2012 09:44 AM - edited 05-31-2012 09:45 AM
If you dont want it to access your LAN, deny access via your firewall to other servers and only allow to email server, SQL and domain controller..
I dont know of any apps that will look at your LAN as most would not know your LAN setup.
as for RDP, the above works.