How to block Remote File access for users or a group of users from the BlackBerry smartphone

Article ID: KB21616

Type: Support Content

Last Modified: 02-24-2012

 

Product(s) Affected:

  • BlackBerry Enterprise Server 5
CollapseEnvironment
  • BlackBerry® Enterprise Server 5.0 to 5.0 SP3
  • BlackBerry® Device Software 5.0
  • DT 356993
CollapseOverview

With BlackBerry® Device Software 5.0, BlackBerry smartphone users have the ability to access files, folders and drives on the network from the Files application under Applications folder. If the network path is entered and the BlackBerry smartphone user enters their Active Directory credentials, it is possible to open, move, delete and rename files.

Administrators may want to disable network file access for BlackBerry smartphone users, or a group. To disable remote file access complete the steps below:

Task 1 - Create URL patterns and Access control rules

 

1.    Launch the BlackBerry Administration Service.

2.    Under Servers and Components expand BlackBerry Solutions topology.

3.    Expand BlackBerry Domain and select Component View.

4.    Click on MDS Connection Service.

5.    Select Pull URL Patterns, then click Edit component.

6.    Under HTTP URL pattern, type .* into the text box and add a description for the pattern, e.g HTTP. Click the plus icon.

7.    Repeat step 6 for all remaining patterns, HTTPS, OCSP, LDAP and TCP. There is no need to create a FILE URL Pattern, Click on Save all.

8.    Select the Access Control rules tab and click on Edit component.

9.    In the Rule name enter Deny File Access, from the drop down list under URL pattern group select each pattern one at a time and set to allow, click on the plus icon to add each one, click on Save all when HTTP, HTTPS, OCSP. LDAP and TCP have been added.

 

Task 2 - Assign users to the Access Control Rules

 

1.    Launch the BlackBerry Administration Service.

2.    Under BlackBerry solution management expand User.

3.    Click on Manage users.

4.    Click Manage multiple users.

5.    Select which users to apply the access control role to.

6.    From Add to user configuration, click Add pull rule and select the pull rule created above.

7.    Click on Save.

 

Task 3 - Set the Pull authorization to Yes

 

Note: Enabling pull authorization without configuring and assigning pull roles will prevent all users from browsing to any web site using the BlackBerry Browser.  Please see article KB10342 for more information.

 

1.            Under Servers and Components expand BlackBerry Solutions topology.

2.            Expand BlackBerry Domain and select Component View.

3.            Click on MDS Connection Service.

4.            Click on the servername_MDS-CS_n.

5.            Click on Edit Instance.

6.            Under Access control set the Pull authorization to Yes.

7.            Click on Save all.

 

 

Task 4 – Restart the MDS-CS service

 

1.            Under Servers and Components expand BlackBerry Solutions topology.

2.            Expand BlackBerry Domain and select Component View.

3.            Click on MDS Connection Service.

4.            Click on the servername_MDS-CS_n.

5.            Select Restart instance.

 

CollapseAdditional Information

Once the above steps are completed, attempts to browse a share from a BlackBerry smartphone will lead to a prompt for login details, but the message File system error (6) is shown. In the BlackBerry MDAT log the following is written;

 

<2010-05-06 17:13:39.782 BST>:[110]:<MDS-CS_servername_MDS-CS_n>:<DEBUG>:<Error-details:Unathorized access to: /servername/share>

 

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.