Anybody using Content Protection? We're in an environment that has not used content protection and will be forcing it on, what should we watch out for and what complaints should we expect to hear.

We implemented this last year and had a couple of teething problems.

First one is to make sure that the default setting of encrypting contacts is changed to no. If peoples contacts are encrypted then any incoming calls from people in their contacts will be hown as unknown caller if the device is locked. We found no way of changing this on the BES and had to build it into the configuration process as a manual step.

Secondly turning content protection / memory cleaning on also seems to have the side effect of causing the antenna not to automatically turn on when a device is restarted. Users need to be reminded to turn this on manually in "manage connections".

Lastly there was a fault found with early releases of the BlackBerry 8520 with content protection turned on, making the device reboot with a white screen as soon as content protection is turned on. Although all of these devices should of been recalled we occaisionly get one in that needs returning.

We use content protection, but the only time I have seen the problem that you have described is when I also had Force Content Protection Of Master Keys enabled as well.

We're watching the "Encrypt address book" and think we have it so it remains clear. Thanks for pointing out the other things, I'll keep an eye out for them.

Did you notice an increase in the time it takes to wipe a device? We haven't tested it but some were saying it can take 1-2 hours to go through a device wipe. Pretty high penalty for fat fingering your password.

The decrypting and wiping of the device during a hard reset is much longer on the older devices (8700, 8100, etc). Newer devices with more processing power deal with it much better and generally take maybe only ten or fifteen minutes longer than without content protection enabled.

We are using content protection since years and had regular problems :

- Content protection can be enabled, but not be disabled through a policy. User has to re-set in manually.
- Addressbook is set to be included into protection, so phonecalls arrive with number and not with name.
- enabling CP on a device requires a reboot. The user is asked, but after a few times the device forces the reboot. Leaving him not reachable.
- A device with CP requires up to 90 minutes to be wiped. Workaround. Deploy a policy without CP before, and turn CP off.

Kind regards
-bl-

To centrally disable the encryption of the Contact List, look in the 'security' tab of the IT Policy... set the value 'Content Protection of Contact List' to 'Disallowed'

Once Content Protection is enabled, any time a device is wiped, it follows the wipe by 'Scrubbing' the contents of it's Flash memory... this is what takes the extra time.

Devices prior to the Bold write over the flash memory by a pattern similar to:

11111111
10101010
11111111
01010101
11111111
11001100
00110011
11111111

This is what takes an hour or more to complete, and ensures data cannot be forensically retrieved from the flash memory.

Devices from the Bold onwards only write over the flash a couple of times, which is why they only take a few minutes to 'scrub'

IT Policies allow you to restrict functionality, but not positively effect values, so yes you can enforce the use of content protection within an it policy, but not then laterly switch it off. you can simply stop enforcing the restriction, but the user will then need to switch off content protection on the device themself. Similar example... you can prevent people from enabling the 'Allow outgoing calls whilst locked' within an IT Policy, but cannot forcefully enable the feature on behalf of the user... they have to switch it on themself if they want it.

regards, Craig

Thanks for this, the option was not available in the previous incarnation of BES we were using when this was setup. Will have to go back and check what else is new now

The option came around in BES 4.0 service pack 6, and was called 'Force Include Address Book In Content Protection'. It got renamed in BES 5.

regards

Craig