How to delete a user from the BlackBerry Enterprise Server with the "Erase Data" and "Disable Handheld" command

Article ID: KB04529

Type: Support Content

Last Modified: 05-01-2014

 

Product(s) Affected:

  • BlackBerry Enterprise Server
CollapseEnvironment
  • BlackBerry Enterprise Server 4.0 to 5.0 SP3
CollapseOverview

The Erase Data and Disable Handheld command can be sent to a BlackBerry smartphone over the wireless network to erase all data and disable it so that it is no longer connected to the BlackBerry Enterprise Server. Always verify whether the command is successfully sent and received.

The BlackBerry smartphone must be turned on and in a wireless coverage area sufficient enough to receive the command. If the BlackBerry smartphone is turned off or is out of a wireless coverage area, the command is queued on the BlackBerry Enterprise Server until the smartphone is turned on or returns to a wireless coverage area.

Note: If a user is removed from the BlackBerry Enterprise Server before the command has reached the BlackBerry smartphone, data will not be erased from the BlackBerry smartphone.

Use the Erase Data and Disable Handheld command

To send the Erase Data and Disable Handheld command, complete the following steps:

BlackBerry Enterprise Server 4.0 to 4.1 SP7

  1. Open BlackBerry Manager.
  2. Click the User List tab.
  3. In the IT Admin section, click Erase Data and Disable Handheld.
  4. Click Yes to erase data.

Note: If using BlackBerry Enterprise Server 4.0 SP5 or earlier for Microsoft Exchange, use the Kill Handheld command to erase the data on a BlackBerry smartphone and disable it. For more information, see the BlackBerry Enterprise Server for Microsoft Exchange version 4.0 Administration Guide found here.

BlackBerry Enterprise Server 5.0 to 5.0 SP3

  
1. In the BlackBerry Administration Service, on the BlackBerry Solution Management menu, expand User.

  
2. ClickManage users.
  
3. Search for a user account.

  
4. In the search results, click the PIN for the user account.
  
5. In the Activation list, click Delete all device data and disable device.
  
6. Click
Yes - Delete all device data and disable device.

Use the BlackBerry Enterprise Server Resource Kit to send the Disable Handheld and Delete all device data command to multiple handheld. 

1. Download the BlackBerry Enterprise Server User Administration Tool, click on the Software Download for BlackBerry Enterprise Server Resource Kit.

2.  Install the BlackBerry Enterprise Server User Administration Tool.

3. Use following command to delete all data from the BlackBerry smartphone and make the device unavailable for multiple user's device.

besuseradminclient -username admin -password password -kill_handheld -i c:\path to\Test.csv  

The Test.csv input file contains the following information:  

-u
USER1@example.com
USER2@example.com
USER3@example.com
USER4@example.com
USER5@example.com  

Display Name can also be used in .csv file. Following is the example:

-u
DisplayName1
DisplayName2
DisplayName3
DisplayName4
DisplayName5

The -utype parameter can be used within the command line. 

besuseradminclient -username admin -password password -kill_handheld -utype email_address -i c:\path to\Test.csv  

If you do not specify a type using the -utype subparameter, the tool searches for user accounts using the display name first, then email address, then login name, and then canonical name. Searching by canonical name is available for the BlackBerry Enterprise Server for IBM Lotus Domino only and is the least preferred method of searching for user accounts. Searches (except by canonical name) match on substrings. 

Please note this feature is available on BlackBerry Enterprise Server 5.0 or above. 

To verify that the command was successfully sent, the BlackBerry Policy Service logging level must be set to 4. For instructions on configuring logging levels, see the Additional Information section in this article.

To verify that the Erase Data and Disable Handheld command has been sent and received, review the BlackBerry Policy Service log file. By default, the BlackBerry Policy Service log file is located in C:\Program Files\Research In Motion\BlackBerry Enterprise Server\Logs\<date>.

The BlackBerry Policy Service (POLC) log file displays lines that are similar to the following:

[40000] (10/03 13:00:52):{0x974}{<user_name>@<domain>,PIN=XXXXXXXX, UserID=1}SCS::PollDBQueueNewRequests - Queuing KILL_DEVICE_REQUEST request

The previous line indicates when the command was first sent and that the command is being queued for the BlackBerry smartphone.

[40000] (10/03 13:01:15):{0x960} {<user_name>@<domain>, PIN=XXXXXXXX, UserId=1}RequestHandler::HandleITADMINDataCommand -ITPolicy Receive Ack for the command KILL_HANDHELD_COMMAND - Processing packet, Tag=23980295

The previous line indicates when the BlackBerry smartphone received the command and that it sent a confirmation of the receipt.

Note 1:

To search using a string in the log file, search for ITPolicy Received Ack for the command KILL_HANDHELD_COMMAND. Once the string is located, one can verify the user associated with the command. Search for this string when the smartphone does not meet the requirements to receive the command when it is first sent.

Note 2

This does not remove the IT policy from the smartphone.

To remove all association of the smartphone with the BlackBerry Enterprise Server, see KB14202.

CollapseAdditional Information

To configure the logging level for the BlackBerry Policy Service log, complete the following steps:

  1. In the BlackBerry Server Configuration tool, click the Logging tab.
  2. Select BlackBerry Policy Service and set the Debug Log Level to 4.
  3. Click Apply and then click OK.

See KB04433 for information on event log levels.

Consider the following items when the Erase Data and Disable Handheld command is executed:

  1. If the BlackBerry smartphone is turned off when the Erase Data and Disable Handheld command is sent, the command is executed as soon as the BlackBerry smartphone connects to the wireless service provider's network. The command is queued on the BlackBerry Infrastructure for 7 days.
  2. If a user account is activated with a new BlackBerry smartphone and the user account was not removed from the BlackBerry Enterprise Server, the Erase Data and Disable Handheld command is executed.
  3. The Erase Data and Disable Handheld command can be canceled by selecting the Cancel Pending Disable Handheld option.
  4. The Erase Data and Disable Handheld command can still be sent to a BlackBerry smartphone that has a Microsoft Active Directory account disabled, or when a user has had their mailbox deleted from the mail store, as long as the user was not removed from the BlackBerry Enterprise Server.

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.