How to import IT policy rule definitions for BlackBerry 7

Article ID: KB28284

Type: Support Content

Last Modified: 04-30-2012

 

Product(s) Affected:

  • BlackBerry Enterprise Server for Microsoft Exchange
  • BlackBerry Enterprise Server for IBM Domino
  • BlackBerry Enterprise Server for Novell GroupWise
Environment
  • BlackBerry® Enterprise Server 4.0 to 5.0
  • BlackBerry® 7
Overview
The attached file contains several new IT Policies to support BlackBerry® 7 smartphones. Descriptions of these policies are below:

Security > Enforce FIPS Mode of Operation

Description: Specify whether a BlackBerry device must operate in FIPS mode. If you set this rule to Yes, the device operates in a FIPS mode of operation and uses a cryptographic kernel that is FIPS-validated. If you set this rule to No, the device is not required to operate in FIPS mode and use a cryptographic kernel that is FIPS-validated. Note: As per the FIPS Security Policy, AES must be selected as the transport algorithm to operate in FIPS mode. The BlackBerry device user is required to reset the device when switching into and out of FIPS mode. If you do not set this rule, a default value of No will be used.

Security > Force Cryptographic Power Analysis Protection

Description: When set, this IT Policy will force the use of algorithms which have cryptographic power analysis protection built in. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 7.0.0 and higher.

Security > Allow Voice Enabled Services

Description: Voice Enabled Services allows users to speak to their device to perform different actions. This IT Policy item contains the rules that control the availability of Voice Enabled Services on BlackBerry devices. If you do not set this rule, a default value of Yes will be used. This rule applies only to Java-based BlackBerry devices version 7.0.0 and higher.

Security > Allow the synchronization of data from voice enabled services

Description: Specify whether a BlackBerry device can synchronize data with a server for voice enabled services. Synchronizing data can improve the accuracy of voice enabled services. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 7.0.0 and higher.

S/MIME > S/MIME Attachment Support

Description: Specify how a BlackBerry device processes S/MIME-protected messages that include attachments. When you choose End-to-End and the user wants to encrypt a message that includes an attachment, sign it, or both, the device applies the S/MIME encryption, signature, or both before it sends the message. You must choose Trusted BES if devices must forward, using S/MIME, messages that include attachments. If you choose Trusted BES, when the device forwards messages that include attachments, the device trusts the BlackBerry Enterprise Server to act as a proxy and complete part of the encryption process or signing process. When the user wants to forward and sign a message, the BlackBerry Enterprise Server processes the message and the device signs it. When the user wants to forward and encrypt a message, the device forwards the message to the BlackBerry Enterprise Server without encrypting it. The BlackBerry Enterprise Server then encrypts the message. If you do not set this rule, a default value of "End-to-End or Trusted BES" will be used. This rule applies only to Java-based BlackBerry devices version 7.0.0 and higher.

Browser > Disable WebSockets version 00 in Browser

Description: Specify whether to prevent the creation of WebSocket version 00 connections from the Browser on a BlackBerry device. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 7.0.0 and higher.

Wi-Fi > Disable Enterprise Wi-Fi® Profiles Backup

Description: Set to Yes to disable serial and wireless backup of Wi-Fi profiles provisioned via IT policy. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 7.0.0 and higher.

Wi-Fi > Disable data exchange for Mobile Hotspot mode

Description: Specify whether Wi-Fi enabled devices can exchange data when they are connected to a BlackBerry device in Mobile Hotspot mode. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 7.0.0 and higher.

Wi-Fi > Prohibited SSIDs for Mobile Hotspot mode

Description: Specify a list of SSIDs that a BlackBerry device cannot use as Mobile Hotspot SSIDs. Separate multiple SSIDs with a comma. This rule applies only to Java-based BlackBerry devices version 7.0.0 and higher.

Wi-Fi > Allow Mobile Hotspot mode

Description: Specify whether to allow Mobile Hotspot mode on a BlackBerry device. If you do not set this rule, a default value of Yes will be used. This rule applies only to Java-based BlackBerry devices version 7.0.0 and higher.

Phone > Enable Auto-Answer Incoming Call User Option

Description: Specify whether the option to auto answer a call after 5 seconds is available on a BlackBerry device. Set this rule to No to prevent the user from configuring the device to answer incoming calls automatically. This rule only applies to auto answer after 5 seconds and not to the auto answer on unholster or open flip user options. If you do not set this rule, a default value of Yes will be used. This rule applies only to Java-based BlackBerry devices version 7.0.0 and higher.

Secure Email > Suggest Default Encoding for All Outgoing Email and PIN Messages

Description: Specify whether a BlackBerry device suggests the default encoding for all outgoing email and PIN messages. If you set this rule to Allowed, the BlackBerry device user can select whether to use the default encoding or the encoding determined by the email or PIN message history to suggest the encoding for outgoing email or PIN messages. If you set this rule to Required, the device suggests the default encoding. If you set this rule to Disallowed, the device suggests the encoding determined by the email or PIN message history. If you do not set this rule, a default value of "Allowed (default)" will be used. This rule applies only to Java-based BlackBerry devices version 7.0.0 and higher.

NFC > NFC Feature

Description: Specify whether a BlackBerry device can use NFC features. If you do not set this rule, a default value of "Allow (default)" will be used. This rule applies only to Java-based BlackBerry devices version 7.0.0 and higher.

NFC > Allow NFC Peer to Peer Device Communication Mode

Description: Specify whether a BlackBerry device can send or receive data using Link Level Control Protocol (LLCP) with Near Field Communication (NFC) Peer to Peer mode. In Peer-to-Peer mode, two NFC devices can exchange data. This data can include Bluetooth or Wi-Fi link setup parameters, virtual business cards, or digital photos. Peer-to-Peer mode is standardized on the ISO/IEC 18092 standard. Set this rule to Yes to allow the device to send or receive data using LLCP. Set this rule to No to prevent the device from using LLCP. If you do not set this rule, a default value of Yes will be used. This rule applies only to Java-based BlackBerry devices version 7.0.0 and higher.

NFC > Allow NFC Tag Reader/Writer Mode

Description: Specify whether a BlackBerry device can read or write NFC tags and NFC cards. In reader/writer mode, an NFC device is capable of reading or writing to NFC Forum mandated tag types, such as in the scenario of reading an NFC Smartposter tag. The reader/writer mode is on the RF interface compliant to the ISO 14443 and FeliCa schemes. If you set this rule to Yes, NFC Reader/Writer transactions are permitted. If you set this rule to No, NFC Reader/Writer transactions are not permitted. If you do not set this rule, a default value of Yes will be used. This rule applies only to Java-based BlackBerry devices version 7.0.0 and higher.

NFC > Allow NFC Card Emulation Mode 

Description: Specify whether a BlackBerry device can emulate an NFC tag or NFC card. In Card Emulation mode, the NFC device itself acts as an NFC tag, appearing to an external reader much the same as a traditional contactless smart card. This enables use cases such as contactless payments and eticketing. If you set this rule to Yes, NFC Card Emulation Mode transactions are permitted. If you set this rule to No, NFC Card Emulation Mode transactions are not permitted. If you do not set this rule, a default value of Yes will be used. This rule applies only to Java-based BlackBerry devices version 7.0.0 and higher.


To import the IT policy rule definitions, complete the steps below for the appropriate version of the BlackBerry Enterprise Server.

Note: The following updates to the IT policy rule definitions may refer to features not available in earlier versions of the BlackBerry Enterprise Server.

Warning: Do not modify the IT policy rule definition update file. Importing a modified file might cause issues with the functioning of the BlackBerry Enterprise Server.

 

Method 1 - Update the IT policy rule definition using BlackBerry Manager or BlackBerry® Administration Service

BlackBerry Enterprise Server 5.0

  1. Download the ITPolicyPackHH70.zip file attachment and unzip it to a temporary folder on the local computer hosting the BlackBerry Manager.
  2. Open BlackBerry Administration Service.
  3. From the BlackBerry Solution Management panel, expand Policy.
  4. Click Manage IT Policy Rules.
  5. Click Import IT Policy Definitions.
  6. Browse to the temporary folder where the ITPolicyPackHH70.zip file was unzipped.
  7. Select the ITPolicyPackHH70.xml file.
  8. Click Save.
  9. When the import process is complete, the following message appears:

    The IT policy definitions have been updated.

BlackBerry Enterprise Server 4.1 SP2 to 4.1 SP7

Complete the following steps:

  1. Download and unzip the ITPolicyPackHH70.zip file to a temporary folder on the local computer hosting the BlackBerry Manager.
  2. Open BlackBerry Manager.
  3. Select BlackBerry Domain.
  4. Select the Global tab.
  5. From the Tasks list, select Service Control and Customization.
  6. Select Import IT Policy Definitions.
  7. In the File Open dialog box, navigate to the temporary folder where the ITPolicyPackHH70.zip file was unzipped.
  8. Select the ITPolicyPackHH70.xml file.
  9. Click Open to import the IT policy rules definitions.
  10. When the import process is complete, the following message appears:

    The import of this IT policy rule definitions file was successful. There were <the_number_of_additions> additions and <the_number_of_updates> updates.


Method 2 - Update the IT policy rule definition using the loadbesmetadata.exe tool

This procedure is appropriate for the BlackBerry Enterprise Server 4.0 and 4.1.

  1. Download and unzip the ITPolicyPackHH70.zip file to a temporary folder on the local computer hosting the BlackBerry Enterprise Server or the BlackBerry Manager.
  2. From the command prompt, navigate to the temporary folder that contains the ITPolicyPackHH70.zip file.
  3. In the root of the temporary folder, type loadbesmetadata.exe -i ITPolicyPackHH70.xml.
  4. After executing the loadbesmetadata.exe tool, review the screen output and directory log for errors.

Note: For BlackBerry Enterprise Server 4.1 SP4 running in a Windows® environment with Japanese fonts, make sure that the IT policy rule definitions updates are imported in the Japanese language, by typing loadbesmetadata.exe -i ITPolicyPackHH70.xml -l jp_ja in the command prompt.

Note: The loadbesmetadata.exe tool can be executed from a computer other than the one on which the BlackBerry Enterprise Server is running.

Note: To determine how to specify BlackBerry® Configuration Database information, run the loadbesmetadata.exe tool from the command prompt using no parameters. Review the usage help screen to determine the parameters required for specific installations.
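The warning against importing a modified definition file and the Method 2 steps can be combined into one pre-import check. The PowerShell below is an added example, not part of the original article or a RIM tool: it assumes loadbesmetadata.exe sits in the temporary folder, and the log file name and the error search pattern are hypothetical.

```powershell
# Added example (not from the KB article). Run from the temporary folder that holds
# ITPolicyPackHH70.zip, the extracted ITPolicyPackHH70.xml and loadbesmetadata.exe.
$ErrorActionPreference = 'Stop'                           # any failed check aborts before the import
Add-Type -AssemblyName System.IO.Compression.FileSystem   # requires .NET Framework 4.5 or later

$dir     = (Get-Location).Path
$zipPath = Join-Path $dir 'ITPolicyPackHH70.zip'
$xmlPath = Join-Path $dir 'ITPolicyPackHH70.xml'
$logPath = Join-Path $dir 'loadbesmetadata-output.txt'    # hypothetical log name

function Get-StreamSha256([System.IO.Stream]$Stream) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { [System.BitConverter]::ToString($sha.ComputeHash($Stream)) -replace '-', '' }
    finally { $sha.Dispose() }
}

# 1. Hash the XML as it sits inside the downloaded archive.
$zip = [System.IO.Compression.ZipFile]::OpenRead($zipPath)
try {
    $entry = $zip.Entries | Where-Object { $_.Name -eq 'ITPolicyPackHH70.xml' } | Select-Object -First 1
    if (-not $entry) { throw "ITPolicyPackHH70.xml not found in $zipPath" }
    $stream = $entry.Open()
    try { $archiveHash = Get-StreamSha256 $stream } finally { $stream.Dispose() }
} finally { $zip.Dispose() }

# 2. Hash the extracted copy; a mismatch means the file changed after extraction.
$file = [System.IO.File]::OpenRead($xmlPath)
try { $diskHash = Get-StreamSha256 $file } finally { $file.Dispose() }
if ($archiveHash -ne $diskHash) { throw "Extracted XML differs from the archive copy; do not import." }

# 3. Confirm the file is well-formed XML without resolving external entities.
$doc = New-Object System.Xml.XmlDocument
$doc.XmlResolver = $null
$doc.Load($xmlPath)

# 4. Run the import exactly as in step 3 of Method 2 and keep the screen output.
$ErrorActionPreference = 'Continue'    # stderr text from a native tool must not abort the script
& .\loadbesmetadata.exe -i ITPolicyPackHH70.xml 2>&1 | Tee-Object -FilePath $logPath
$hits = Select-String -Path $logPath -Pattern 'error|fail'   # assumed wording; read the full log too
if ($hits) { $hits | ForEach-Object { Write-Warning $_.Line } }
```

The comparison only shows that the extracted file still matches the downloaded archive; the article publishes no checksum, so it does not authenticate the download itself.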
