Port3101.org : Your BES Connection



How To: Remove IT Policy
 
Posted by John Clark (BES Guru), 01-02-2009, 03:24 PM

Method 1: Remove All Policy: (Preferred)

If you have any 8xxx device, the best method for removing IT policy is to update it to OS 4.3 or higher and use JL_Cmder's "resettofactory" command to remove ALL IT policy, Firewall restrictions and Application Permission settings. After you've upgraded to OS 4.3 or higher, simply back up the device using Desktop Manager, close Desktop Manager, then run JL_Cmder and execute the "resettofactory" command. The device will wipe, then reboot, leaving the OS and 3rd party apps but no data AND, best of all, NO IT policy whatsoever. When you're done, simply restore your backup and you're good to go with no policy or locked firewall. You can downgrade back to the old OS if you desire, too.

If your device is running OS 4.2 or lower you will need to do the following:



Method 2: Place Blank Policy (OS 4.2 and earlier devices)
Quote:
WARNING!
Follow these instructions only if you know what you are doing.
These instructions can actually downgrade certain BlackBerry abilities (i.e. permanent loss of support for Bluetooth keyboards) if your BlackBerry does not already have an IT policy installed. These instructions are meant as a last resort to regain BlackBerry capabilities in the event your BlackBerry is encumbered by a restrictive leftover IT policy after removal from a BES (i.e. an eBay-purchased BlackBerry) and you are unable to upgrade the device to OS 4.3 or higher.
Removing IT Policy by Placing Blank IT Policy:


This procedure should only be used on devices that cannot be upgraded to OS 4.3 or higher. If you have an 8xxx device then use the method described above. If you have an older 7xxx device or have OS 4.2 on the device then continue with the following instructions.

This is a How-To for removing IT policy from your BB. In essence, what this does is apply a blank IT policy to the device. The blank IT policy does, unfortunately, leave some IT policy firewalls in place, however. For instance "keystroke injection" is set by default to "deny" on most IT policies. This blank policy won't give back "allow" for this feature. This becomes a problem if you desire to use a Bluetooth keyboard. You'll be unable to use the keyboard. If a way is found to get this back then I'll edit this post accordingly.

A quick check to see if your BB is under IT policy can be done by going to Options/Security on your Device. If you see any references to IT Policy whatsoever, then you have a potentially restrictive IT Policy that can be removed.

The Disclaimer/Intended Use:

This guide is intended for use by people that own their own Blackberry, and for whatever reason, have inherited a company's IT policy on their device. Really, there are two scenarios where this guide is useful.
  • You bought a Blackberry on eBay and are unable to make changes to the settings or install Third Party Applications.
  • You have a Blackberry that was previously connected to a company's BES and, for whatever reason, you no longer intend to connect to that BES.
Important: If you're still connected to a company BES, and simply want to install the latest and greatest third party application I would not recommend this approach. Talk to your BES administrators and ask them to grant you the appropriate rights. There are two problems in using this guide to bypass your company's security policy. First, whenever you reconnect to the company server, your security settings will revert back to how they were. Second, and perhaps more importantly, you run the risk of getting fired.

Procedure:

Step 1 Ensure the Blackberry Desktop Manager is installed using Blackberry Internet Service, and not Blackberry Enterprise Server. If you are unsure, it would probably be a good idea to uninstall the Desktop Manager and start again. If you don't have the CD that came with your Blackberry, the Software can be downloaded here.

Step 2 Download the file policy.bin and save it in your Blackberry installation directory (C:\Program Files\Research In Motion\BlackBerry).

Step 3 Wipe your Blackberry, creating a backup if necessary. Select Options/Security/Wipe on the Device. If this option is unavailable, you may have to install the latest software on your Blackberry. You need to Download and install the latest OS for your device. Connect your device, open the Desktop Manager, select Application Loader, and follow the prompts.

Step 4 Close the Desktop Manager if it is open.

Step 5 From the Windows XP Start Menu select Run..., and at the prompt type regedit. In the tree on the left hand side, navigate to:

HKEY_CURRENT_USER\Software\Research In Motion\BlackBerry\PolicyManager

Right-Click the Policy Manager Folder and select New/String Value. Name the value Path. Now, Double-Click the Path Subkey and set Value Data to:

C:\Program Files\Research In Motion\BlackBerry\policy.bin

Step 6 Open the Desktop Manager.

Step 7 Connect the Device.

Verification:

Once complete, the Options/Security screen on your Blackberry should not contain references to an IT Policy. You should now be able to change all settings (including password prompts), and install Third Party Applications.

A big thanks to 7100simpleisbetter and barjohn of BlackberryForums.com for this BB saving procedure. Also a big thanks to d_fisher for JL_Cmder.

I personally wrote this policy so that there would be no question as to what it does to your device. Here is the code included in the Policy.bin above: (If you have comments or questions or you see something that should be changed, please contact me in this thread or via PM.)


IMPORTANT Note: After following these instructions, any BB connected to your Desktop Manager will have this policy applied. For that reason, after you finish placing this blank policy on the restricted BlackBerry, I highly recommend removing the policy.bin and the registry entry you added from your computer. Basically go back and reverse these instructions. If you don't, then you risk plugging in a new BB or someone else's BB with NO policy and adding this blank policy to it as well.

Code:
;
;***************************************************************************
 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Desktop Manager Configuration
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
; If application is shown on task bar.
HideWhenMinimized {default} = true
 
; Prompt the user when the Desktop Manager starts.
MessagePrompt {default} = Welcome to the Desktop Manager.
 
; To enable or disable the USB-Serial converter
EnableUSBconverter {default} = true
 
; Control whether the Application Loader is available to the user.
ShowApplicationLoader {default} = true
 
; Control whether the offline IT Policy warning prompt should be displayed.
ShowPolicyErrMsg {default} = true
 
; Control the length of time the device password is cached by Desktop Manager. (Minutes)
DesktopPasswordTimeout {policy} = 10
 
; This setting controls whether or not Desktop add-ins are permitted.
; When set to false, no desktop add-in code will be executed.
AllowDesktopAddIns {policy} = true
 
; Indicates whether or not the desktop software will allow the user to switch devices.
AllowDeviceSwitch {policy} = true
 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Synchronization
;; Synchronize for PIM,Email and Folder Management defaults.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
 
; This setting allows you to specify whether or not you would like PIM 
; information to be synchronized when the user selects the Synchronize Now 
; button from the Intellisync dialog.
SynchronizeNowPIM = true
 
; This setting allows you to specify whether or not you would like Email
; information to be synchronized when the user selects the Synchronize Now 
; button from the Intellisync dialog.
SynchronizeNowEmail = true
 
; This setting allows you to specify whether or not you would like the date and 
; time to be synchronized when the user selects the Synchronize Now button from 
; the Intellisync dialog.
SynchronizeNowDateTime = true
 
; This setting allows you to specify whether or not you would like PIM
; information to be automatically synchronized when the handheld
; is connected to the PC.
AutoSynchronizePIM = false
 
; This setting allows you to specify whether or not you would like Email
; information to be automatically synchronized when the handheld
; is connected to the PC.
AutoSynchronizeEmail = false
 
; This setting allows you to specify whether or not you would like Date and Time
; information to be automatically synchronized when the handheld
; is connected to the PC.
AutoSynchronizeDateTime = false
 
; This setting allows you to specify whether or not you would like to synchronize 
; folders instead of performing an import.
SyncFoldersInsteadOfImport = true
 
; This setting allows you to specify how information conflicts between the handheld 
; and the PC encountered during synchronization are handled. If set to true, desktop 
; information is used. If set to false, handheld information is used.
FolderConflictDesktopWins = true
 
; This setting allows the enabling or disabling of wireless email reconciliation.
AllowWirelessEmailSynchronization = true
 
; This setting allows the wireless calendar synchronization functionality to be disabled.
DisableWirelessCalendar = false
 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Redirector Settings
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
; Append signature on outgoing messages
AutoSignature = -----------------\
Sent from my BlackBerry Handheld.
 
; Forwards messages to the handheld
ForwardMessagesToHandheld = true
 
; Allows users to receive mail when handheld is connected to cradle
ForwardMessagesInCradle = true
 
; Setup filter rules for email redirection
FilterRuleFile = c:\myfilters.rfi
; When filter rules don't apply, forward or don't send messages
ForwardWhenRulesDontApply = true
 
; When sending a message from handheld, don't save a copy in my 'Sent Items' folder
DontSaveSentMessages = false
 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Backup/Restore Configuration
;;
;; These values control the settings in the "Backup and Restore Options" dialog
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
; This value controls the "Automatically backup my handheld" setting
; in the options dialog, which enables or disables prompted Automatic Backups.
AutoBackupEnabled = true
 
; This value indicates how often an AutoBackup is performed in days.
AutoBackupFrequency = 7
 
; This setting controls the exclusion of Email and synchronized data from the
; automatic backup. If set to true, the "Backup all handheld application data"
; radio button is selected.
AutoBackupIncludeAll = true
 
; This setting allows control over whether email is excluded from automatic backups
; (when AutoBackupIncludeAll is false).
AutoBackupExcludeEmail = false
 
; This setting allows control over whether synchronized application data is excluded
; from automatic backups (when AutoBackupIncludeAll is false). "Synchronized data" is
; that data which is configured for synchronization with Intellisync; this varies
; according to the user's preferences.
AutoBackupExcludeSync = false
 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; WebLink Configuration
;;
;; These values control the appearance and behaviour of the WebLink extension.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
; Setting this value to false prevents the WebLink icon from being displayed.
ShowWebLink = true
 
; This setting specifies the URL that will be used when the WebLink
; icon is activated.
WebLinkURL = www.your_network_here.com/go/downloads
 
; This setting controls the label that is displayed for the WebLink icon.
WebLinkLabel = Downloads
 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Device Security Settings
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
; Determine if the password is required on device
PasswordRequired {policy} = false
 
; Determine if the user can disable the password
UserCanDisablePassword {policy} = true
 
; Minimum length of the password.
; Valid range is 1 to 12 characters, inclusive.
;
; This value indicates the minimum length of an acceptable device
; security password.
MinPasswordLength {policy} = 1
 
; Password Pattern Checks
; Valid range is 0 or 1 at this time
;    0 -> no checks
;    1 -> ensure password has at least one letter and one digit
PasswordPatternChecks {policy} = 0
 
; Suppress Password Echo
;
; Option to disable password echo after x numbers of fail attempts to unlock handheld.
; false -> Disable
; true -> Enable
;
SuppressPasswordEcho {policy} = false
 
; Maximum device security timeout.
; Valid range is 1 to 60 minutes, inclusive.
;
; The handheld user is permitted to select any security timeout value
; less than this value.
MaxSecurityTimeout {policy} = 60
 
; Password Timeout
; Valid range is 0 to 60 minutes, inclusive.
;
; Set the effective password timeout on handheld.  This value must be 
; less than that of the MaxSecurityTimeout.
SetPasswordTimeout {policy} = 0
 
;
; If set, forces the device to the lock screen when it is holstered
ForceLockWhenHolstered {policy} = false
 
; Determine if the user can change the timeout
UserCanChangeTimeout {policy} = TRUE
 
; Password aging.
; Valid range is 0 to 365.
; 
; Specifying a value of 0 indicates password aging is disabled. Other
; values specify the maximum age of the password before the handheld
; user is prompted to change it.
MaxPasswordAgeInDays {policy} = 0
 
; Password History
; Valid range is 0 to 15
;
; Specify the number of passwords to retain for checking. Passwords in password history cannot be used when 
; setting a new handheld password.
;
MaximumPasswordHistory {policy} = 0
 
 
; Maximum Password Attempts
; Valid range is 3 to 10
;
; Set the maximum number of  password attempts on handheld. 
;
SetMaximumPasswordAttempts {policy} = 10
 
; Indicate if Long Term Security Timeout is enabled/disabled
;
; If true, handheld long term timeout is enabled
; If false, handheld long term timeout is disabled.
LongTermTimeoutEnable {policy} = false
 
; Attachment Viewing
;
; Controls the ability to view email attachments on the handheld.  
; If set to true then users can view attachments on the handheld 
AllowAttachmentViewing {policy} = true
 
; Policies that control the behaviour of third party applications
; on Java-based handhelds.
AllowThirdPartyUseSerialPort {policy} = true
AllowExternalConnections {policy} = true
AllowInternalConnections {policy} = true
AllowSplitPipeConnections {policy} = true
DisallowThirdPartyAppDownloads {policy} = false
 
; Policies that control the behaviour of the handheld Browser application
;
; DefaultBrowserConfigUID {default} = "BlackBerry Browser"
; MDSBrowserTitle {default} = "YourCompany Intranet"
; HomepageAddress {default} = www.your_network_here.com
; HomepageAddressReadOnly {policy} = true
; EnableWAPConfig {policy} = false
 
 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
; Policies that apply to the TLS protocol. 
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
 
; TLS Disable Invalid Connection
; Disallow users to connect to a server with an invalid certificate (i.e revoked, expired, etc ).
; Value: 0=true,1=false,2=prompt on device
TLSDisableInvalidConnection {policy} = 1
 
; TLS Disable Untrusted Connection
; Prevent TLS connections to untrusted servers.
; Values: 0=true,1=false,2=prompt on device
TLSDisableUntrustedConnection {policy} = 2
 
; TLS Disable Weak Ciphers
; Disable use of weak ciphers during a TLS connection.
; Values: 0=true,1=false,2=prompt on device
TLSDisableWeakCiphers {policy} = 2
 
; TLS Minimum Strong DH Key Length,
; Valid range 512 to 4096
TLSMinimumStrongDHKeyLength {policy} = 1024
 
; TLS Minimum Strong ECC Key Length
; Valid range 160 to 571
TLSMinimumStrongECCKeyLength {policy} = 163
 
; TLS Minimum Strong RSA Key Length
; Valid range 512 to 4096
TLSMinimumStrongRSAKeyLength  {policy} = 1024
 
; Disable the use of any cipher that is not FIPS compliant.
TLSRestrictFIPSCiphers {policy} = false
 
; TLS Minimum Strong DSA Key Length
; 
; Set the minimum DSA key size allowed for use during a TLS connection.
; Range: 512 - 1024 bits in 64 bit increments
TLSMinimumStrongDSAKeyLength {policy} = 1024
 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Messaging Settings.
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
; Indicate if PIN to PIN messaging is permitted.
;
; If true, handheld users are permitted to use the PIN to PIN messaging
; feature. If false, this capability is hidden from the handheld user.
AllowPINtoPIN {policy} = true
 
; Indicate if the specification of BCC recipients is permitted.
;
; If true, handheld users can specify BCC recipients when composing messages.
; If false, this capability is unavailable to handheld users.
AllowBCCRecipients {policy} = true
 
; Indicate if SMS messaging is permitted.
;
; If true, handheld users are permitted to send SMS messages.
; If false, this capability is unavailable to handheld users.
AllowSMS {policy} = true
 
; Indicate if the RIM phone application can be used on the handheld.
;
; If true, handheld users are permitted to use the handheld's phone.
; If false, users are not permitted to use the handheld's phone.
AllowPhone {policy} = true
 
; Indicate if the RIM web browser can be used on the handheld.
;
; If true, handheld users are permitted to use the handheld's web browser.
; If false, users are not permitted to use the handheld's web browser.
AllowBrowser {policy} = true
 
; Indicate if other email services are permitted on the handheld.
;
; If false, no other email service books (other than the Enterprise
; edition one) are permitted on the handheld. Any other existing email
; service books are removed when the policy is installed; while the
; policy is in effect, other email service books will be rejected by the
; device. This forces all outbound email to be routed through the
; organization's BlackBerry Enterprise Server. 
;
; If true, no restrictions are applied to email service books.
AllowOtherEmailServices {policy} = true
 
; Indicate if other browser transport services are permitted on the handheld.
;
; If false, no other browser transport service books (other than the
; Enterprise edition one) are permitted on the handheld. In this case,
; any other existing browser transport service books are removed when the
; policy is installed; while the policy is in effect, other browser transport
; service books will be rejected by the device. This forces all browser
; traffic to be routed through the organization's BlackBerry Enterprise Server. 
;
; If true, no restrictions are applied to browser transport service books.
AllowOtherBrowserServices {policy} = true
 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Owner Information
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
; Owner Name - if value = '*' use the registry setting
OwnerName {default} = Research In Motion Ltd.
 
; Owner Info - if value = '*' use the registry setting
OwnerInfo {default} = This BB has Blank IT policy on it written by John Clark from www.BlackBerryForums.com
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Other Info
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
Attached Files
File Type: zip JL_Cmder v1.9.1.zip (107.2 KB, 1832 views)
File Type: bin policy.bin (14.5 KB, 438 views)

Last edited by John Clark; 01-02-2009 at 03:55 PM.
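
An added example (not part of the original post, and not the author's or RIM's code): a small Python parser for the `Name {scope} = value` lines of the policy listing above, which checks each value against the ranges stated in the listing's own comments and reports controls that are switched off. The backslash line-continuation handling and the choice of which values count as "switched off" are assumptions of this example.

```python
import re

# Constructed sample in the format of the policy listing above (not the full file).
SAMPLE = r"""
; Determine if the password is required on device
PasswordRequired {policy} = false
MinPasswordLength {policy} = 1
SetMaximumPasswordAttempts {policy} = 10
TLSDisableInvalidConnection {policy} = 1
TLSMinimumStrongRSAKeyLength  {policy} = 1024
AutoSignature = -----------------\
Sent from my BlackBerry Handheld.
OwnerName {default} = Research In Motion Ltd.
"""

# Setting line: name, optional {scope}, '=', value.
SETTING = re.compile(r"^(\w+)\s*(?:\{(\w+)\})?\s*=\s*(.*)$")

# Valid ranges as stated in the listing's own comments.
RANGES = {
    "MinPasswordLength": (1, 12), "MaxSecurityTimeout": (1, 60),
    "SetPasswordTimeout": (0, 60), "MaxPasswordAgeInDays": (0, 365),
    "MaximumPasswordHistory": (0, 15), "SetMaximumPasswordAttempts": (3, 10),
    "TLSMinimumStrongDHKeyLength": (512, 4096), "TLSMinimumStrongECCKeyLength": (160, 571),
    "TLSMinimumStrongRSAKeyLength": (512, 4096), "TLSMinimumStrongDSAKeyLength": (512, 1024),
}

# Assumption of this example: values at which a control is switched off.
# For the TLS keys the listing documents 0=true, 1=false, 2=prompt on device.
SWITCHED_OFF = {
    "PasswordRequired": "false", "TLSDisableInvalidConnection": "1",
    "TLSDisableUntrustedConnection": "1", "TLSDisableWeakCiphers": "1",
}

def parse_policy(text):
    """Return {name: (scope, value)}; scope is 'policy', 'default' or None."""
    settings = {}
    lines = iter(text.splitlines())
    for raw in lines:
        line = raw.strip()
        match = SETTING.match(line)
        if not line or line.startswith(";") or not match:
            continue  # blank line, comment (including commented-out settings), or noise
        name, scope, value = match.groups()
        # Assumption: a trailing backslash continues the value on the next line.
        while value.endswith("\\"):
            value = value[:-1] + "\n" + next(lines, "").strip()
        settings[name] = (scope, value)
    return settings

def audit(settings):
    """Return sorted findings: out-of-range values and switched-off controls."""
    findings = []
    for name, (_scope, value) in settings.items():
        if name in RANGES:
            low, high = RANGES[name]
            if not value.isdigit() or not low <= int(value) <= high:
                findings.append(f"{name}={value}: outside documented range {low}-{high}")
        if SWITCHED_OFF.get(name) == value.lower():
            findings.append(f"{name}={value}: control switched off")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(parse_policy(SAMPLE))))
```
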