We're new to BES and Blackberries and like it overall. But one thing that drives us nuts is the provisioning of devices.

You can do so many things with BES, but not all. We can't set where to get the time from, what service to use for the browser by default, how to reconcile, etc.

The upshot is that we get the device, Enterprise Activate it, change the settings, and turf it to the user. Of course, during Enterprise Activation we get the policy to require a password. Except we're not the user. So we have to pick one for them....you get the idea.

So I'd like to make the device require a new password. Like I can with a Windows Logon, if you will forgive me. But with BES you can reset to a new one, but not force expiration. So...

I created an IT policy and set password expiration to 1 day (too small for this use, but it is what it is), created a new group, and assigned the policy to the group. I also bumped the order up to the top.

The idea is to assign the new user to the group and have let us know when they set the new password. We'll then remove them from the group.

1 hour later and here I sit, policy resent but no password expiration.

How funny. Had the same request the other day to force a change password prompt. Told them I couldn't find a way to do it so it is part of instructions for user to change the password.

I like the IT Policy hack.

BTW I think you can force the browser with the Default Browser Config UID set to the SRP of the BES you want to use.

Thanks for that pointer on the SRP.

The policy hack has not worked so far. It does not hit the device. Maybe it is just my device, as I have seen policies hit the device but take days to enact.

The policy should be applied and active the second it hits the device. However, I have found issues with updating things like the password timeout period that is less secure than the current setting. For example, if you enable a password on a device without setting the timeout period, it keeps the default timeout of the device pre-password (2 minutes). If you then decide you want to change the password timeout to something less secure, such as 30 minutes, it doesn't apply on the device.

...not sure if this could be something similar to your situation. But I will say that I've never seen a policy take DAYS to be active and visible on a device.

__________________
BCSA (4.1, 5.0) | BCSD (4.1, 5.0)

The views expressed by me on Port3101.org are my own and do not necessarily reflect the views of my employer.