Old IT policy keeps creeping back -- NEED PRO HELP!!
- Hi all,
I am in need of some serious expert blackberry help. I have an issue that I have narrowed down but cannot figure out how to fix. I had a 8830 before my storm and the 8830 at one point was on a BES. After a while, I eventually took my phone off of the BES since the restrictions were crappy. After a while, I decided I still wanted to get my work email so I instead started using Desktop Redirector on my work computer to get emails without the restrictions( I leave my computer at work). So, I got the storm and I noticed that the firewall settings keep getting locked down just like they were on my 8830.
Here is what I did using a different computer than the one that used desktop redirector:
1. I used JLCmder to reset the phone to factory
2. I then resent my service books and everything
3. Everything was good until I hooked up my storm to the computer that originally was using desktop redirector and low and behold the firewall "policy" or setting has come back.
4. I tried uninstalling and re-installing the desktop manager hoping this would help
5. Also am ussing the defualt ploicy.bin file from this site's How To Remove IT Policy thread.
Now, I can keep wiping using JLCmder and it gets rid of it but the moment I hook the phone up to get Desktop Redirector it throws the firewall flag to enabled
I NEED HELP!! How do I keep this from happening?
EDIT: SOLUTION:
1. -- Go through the whole JLCMder process to wipe back to factory.
2. Before reconnecting device to the computer, go to folder:
C:\Program Files\Research In Motion\Blackberry
and DELETE the policy.bin file that is there.
3. Uninstall and reinstall DM
4. Once re-installed, re-do all of your settings etc in DM.
5. I DO NOT recommend doing a restore as it might bring it over.(Cannot confirm this)
Once I uninstalled and reinstalled AFTER deleting the policy.bin file, the red lock is gone and I am sailing free!!Last edited by griff2ooo; 12-08-08 at 01:42 PM.
12-08-08 01:05 PMLike 0 - I have the same problem with my device on verizon. I did the exact same thing you did. Deleted my whole device using JL_commander. Then reloaded the .75 Verizon OS. It boots up and the Firewall is disabled. As soon as I turn on my antenna and the device conntects to Verizons network The firewall lock is on again. I am on a BIS and not a BES plan. I called up Verizon and they have a ticket opened to look into this. I dunno if anyone else has this but the Verizon tech said it was supposed to be enabled?
Last edited by PCGuRu2K; 12-08-08 at 01:23 PM.
12-08-08 01:19 PMLike 0 - I am unable to change it as well. Looks like theres no security policy, but just a Firewall policy being applied by Verizon12-08-08 01:25 PMLike 0
- I opened up the policy.bin file below and there's no mention o the firewall disable/enable anywhere in there. Did you try registering or resending the service book to your device? The padlock redlock came back on mines when it registered to the VZW network
;************************************************* **************************
;
; Policy.inf - Management Configuration file for Desktop Software
;
;
; Notes: For comments a ( must be at the beginning of the line
; Use (\) for line continuation for strings
;
; Format: Key = Value
; Key {Policy } = value
; Key {Default} = value
; fi
; where: 'value' can be an int, boolean or string.
; {Policy} key is updated if different time stamp.
; {Default} key is updated only once.
;
; If no policy attribute {}, key will default to 'Default'
;
;************************************************* **************************
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Desktop Manager Configuration
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;
; If application is shown on task bar.
HideWhenMinimized {default} = true
; Prompt the user when the Desktop Manager starts.
MessagePrompt {default} = Welcome to the Desktop Manager.
; To enable or disable the USB-Serial converter
EnableUSBconverter {default} = false
; Control whether the Application Loader is available to the user.
ShowApplicationLoader {default} = true
; Control whether if offline IT Policy warning prompt should be displayed.
ShowPolicyErrMsg {default} = true
; Control the length of time the device password is cached by Desktop Manager. (Minutes)
DesktopPasswordTimeout {policy} = 10
; This setting controls whether or not Desktop add-ins are permitted.
; When set to false, no desktop add-in code will be executed.
AllowDesktopAddIns {policy} = true
; Indicates whether or not the desktop software will allow the user to switch devices.
AllowDeviceSwitch {policy} = true
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Synchronization
;; Synchronize for PIM,Email and Folder Management defaults.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;
; This setting allows you to specify whether or not you would like PIM
; information to be synchronized when the user selects the Synchronize Now
; button from the Intellisync dialog.
SynchronizeNowPIM = true
; This setting allows you to specify whether or not you would like Email
; information to be synchronized when the user selects the Synchronize Now
; button from the Intellisync dialog.
SynchronizeNowEmail = true
; This setting allows you to specify whether or not you would like the date and
; time to be synchronized when the user selects the Synchronize Now button from
; the Intellisync dialog.
SynchronizeNowDateTime = true
; This setting allows you to specify whether or not you would like PIM
; information to be to be automatically synchronized when the handheld
; is connected to the PC.
AutoSynchronizePIM = false
; This setting allows you to specify whether or not you would like Email
; information to be to be automatically synchronized when the handheld
; is connected to the PC.
AutoSynchronizeEmail = false
; This setting allows you to specify whether or not you would like Date and Time
; information to be to be automatically synchronized when the handheld
; is connected to the PC.
AutoSynchronizeDateTime = false
; This setting allows you to specify whether or not you would like to synchronize
; folders instead of performing an import.
SyncFoldersInsteadOfImport = true
; This setting allows you to specify how information conflicts between the handheld
; and the PC encountered during synchronization are handled. If set to true, desktop
; information is used. If set to false, handheld information is used.
FolderConflictDesktopWins = true
; This setting allows the enabling or disabling of wireless email reconcilation.
AllowWirelessEmailSynchronization = true
; This setting allows the wireless calendar synchronization functionality to be disabled.
DisableWirelessCalendar = false
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Redirector Settings
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;
; Append signature on out going messages
AutoSignature = -----------------\
Sent from my BlackBerry Handheld.
; Forwards messages to the handheld
ForwardMessagesToHandheld = true
; Allows user's to receive mail when handheld is connected to cradle
ForwardMessagesInCradle = false
; Setup filter rules for email redirection
FilterRuleFile = c:\myfilters.rfi
; When filter rules don't apply, forward or don't send messages
ForwardWhenRulesDontApply = true
; When sending a message from handheld, don't save a copy in my 'Sent Items' folder
DontSaveSentMessages = false
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Backup/Restore Configuration
;;
;; These value control the setting in "Backup and Restore Options" dialog
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;
; This value control the value of the "Automatically backup my handheld" setting
; in the options dialog, which is enables or disables prompted Automatic Backups.
AutoBackupEnabled = true
; This value indicates how often an AutoBackup is performed in days.
AutoBackupFrequency = 7
; This setting controls the exclusion of Email and synchronized data from the
; automatic backup. If set to true, the "Backup all handheld application data"
; radio button is selected.
AutoBackupIncludeAll = true
; This setting allows control over whether email is excluded from automatic backups
; (when AutoBackupIncludeAll is false).
AutoBackupExcludeEmail = false
; This setting allows control over whether synchronized application data is excluded
; from automatic backups (when AutoBackupIncludeAll is false). "Synchronized data" is
; that data which is configured for synchronization with Intellisync; this varies
; according to the user's preferences.
AutoBackupExcludeSync = false
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; WebLink Configuration
;;
;; These values control the appearance and behaviour of the WebLink extension.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;
; Setting this value to false prevents the WebLink icon from being displayed.
ShowWebLink = true
; This setting specifies the URL that will be used when the WebLink
; icon is activated.
WebLinkURL = www.your_network_here.com/go/downloads
; This setting controls the label that is displayed for the WebLink icon.
WebLinkLabel = Downloads
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Device Security Settings
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;
; Determine if the password is required on device
PasswordRequired {policy} = false
; Determine if the user can disable the password
UserCanDisablePassword {policy} = true
; Minimum length of the password.
; Valid range is 1 to 12 characters, inclusive.
;
; This value indicates the minimum length of an acceptable device
; security password.
MinPasswordLength {policy} = 5
; Password Pattern Checks
; Valid range is 0 or 1 at this time
; 0 -> no checks
; 1 -> ensure password has at least on letter and one digit
PasswordPatternChecks {policy} = 0
; Suppress Password Echo
;
; Option to disable password echo after x numbers of fail attempts to unlock handheld.
; false -> Disable
; true -> Enable
;
SuppressPasswordEcho {policy} = false
; Maximum device security timeout.
; Valid range is 1 to 60 minutes, inclusive.
;
; The handheld user is permitted to select any security timeout value
; less than this value.
MaxSecurityTimeout {policy} = 60
; Password Timeout
; Valid range is 0 to 60 minutes, inclusive.
;
; Set the effective password timeout on handheld. This value must be
; less than that of the MaxSecurityTimeout.
SetPasswordTimeout {policy} = 60
;
; If set, forces the device to the lock screen when it is holstered
ForceLockWhenHolstered {policy} = false
; Determine if the user can change the timeout
UserCanChangeTimeout {policy} = TRUE
; Password aging.
; Valid range is 0 to 365.
;
; Specifying a value of 0 indicates password aging is disabled. Other
; values specify the maximum age of the password before the handheld
; user is prompted to change it.
MaxPasswordAgeInDays {policy} = 5
; Password History
; Valid range is 0 to 15
;
; Specify the number of passwords to retain for checking. Passwords in password history cannot be used when
; setting a new handheld password.
;
MaximumPasswordHistory {policy} = 0
; Maximum Password Attempts
; Valid range is 3 to 10
;
; Set the maximum number of password attempts on handheld.
;
SetMaximumPasswordAttempts {policy} = 10
; Indicate if Long Term Security Timeout is enabled/disabled
;
; If true, handheld long term timeout is enabled
; If false, handheld long term timeout is disabled.
LongTermTimeoutEnable {policy} = false
; Attachment Viewing
;
; Controls the ability to view email attachments on the handheld.
; If set to true then users can view attachments on the handheld
AllowAttachmentViewing {policy} = true
; Policies that control the behaviour of third party applications
; on Java-based handhelds.
AllowThirdPartyUseSerialPort {policy} = true
AllowExternalConnections {policy} = true
AllowInternalConnections {policy} = true
AllowSplitPipeConnections {policy} = false
DisallowThirdPartyAppDownloads {policy} = false
; Policies that control the behaviour of the handheld Browser application
;
; DefaultBrowserConfigUID {policy} = "BlackBerry Browser"
; MDSBrowserTitle {policy} = "YourCompany Intranet"
; HomepageAddress {policy} = www.your_network_here.com
; HomepageAddressReadOnly {policy} = true
; EnableWAPConfig {policy} = false
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
; Policies that apply to the TLS protocol.
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;
; TLS Disable Invalid Connection
; Disallow users to connect to a server with an invalid certificate (i.e revoked, expired, etc ).
; Value: 0=true,1=false,2=prompt on device
TLSDisableInvalidConnection {policy} = 1
; TLS Disable Untrusted Connection
; Prevent TLS connections to untrusted servers.
; Values: 0=true,1=false,2=prompt on device
TLSDisableUntrustedConnection {policy} = 2
; TLS Disable Weak Ciphers
; Disable use of weak ciphers during a TLS connection.
; Values: 0=true,1=false,2=prompt on device
TLSDisableWeakCiphers {policy} = 2
; TLS Minimum Strong DH Key Length,
; Valid range 512 to 4096
TLSMinimumStrongDHKeyLength {policy} = 1024
; TLS Minimum Strong ECC Key Length
; Valid range 160 to 571
TLSMinimumStrongECCKeyLength {policy} = 163
; TLS Minimum Strong RSA Key Length
; Valid range 512 to 4096
TLSMinimumStrongRSAKeyLength {policy} = 1024
; Disable the use of any cipher that is not FIPS compliant.
TLSRestrictFIPSCiphers {policy} = false
; TLS Minimum Strong DSA Key Length
;
; Set the minimum DSA key size allowed for use during a TLS connection.
; Range: 512 - 1024 bits in 64 bit increments
TLSMinimumStrongDSAKeyLength {policy} = 1024
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Messaging Settings.
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;
; Indicate if PIN to PIN messaging is permitted.
;
; If true, handheld users are permitted to use the PIN to PIN messaging
; feature. If false, this capability is hidden from the handheld user.
AllowPINtoPIN {policy} = true
; Indicate if the specification of BCC recipients is permitted.
;
; If true, handheld users can specify BCC recipients when composing messages.
; If false, this capability is unavailable to handheld users.
AllowBCCRecipients {policy} = true
; Indicate if SMS messaging is permitted.
;
; If true, handheld users are permitted to send SMS messages.
; If false, this capability is unavailable to handheld users.
AllowSMS {policy} = true
; Indicate if the RIM phone application can be used on the handheld.
;
; If true, handheld users are permitted to use the handheld's phone.
; If false, users are not permitted to use the handheld's phone.
AllowPhone {policy} = true
; Indicate if the RIM web browser can be used on the handheld.
;
; If true, handheld users are permitted to use the handheld's web browser.
; If false, users are not permitted to use the handheld's web browser.
AllowBrowser {policy} = true
; Indicate if other email services are permitted on the handheld.
;
; If false, no other email service books (other than the Enterprise
; edition one) are permitted on the handheld. Any other existing email
; service books are removed when the policy is installed; while the
; policy is in effect, other email service books will be rejected by the
; device. This forces all outbound email to be routed through the
; organization's BlackBerry Enterprise Server.
;
; If true, no restrictions are applied to email service books.
AllowOtherEmailServices {policy} = true
; Indicate if other browser transport services are permitted on the handheld.
;
; If false, no other browser transport service books (other than the
; Enterprise edition one) are permitted on the handheld. In this case,
; any other existing browser transport service books are removed when the
; policy is installed; while the policy is in effect, other browser transport
; service books will be rejected by the device. This forces all browser
; traffic to be routed through the organization's BlackBerry Enterprise Server.
;
; If true, no restrictions are applied to browser transport service books.
AllowOtherBrowserServices {policy} = true
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Owner Information
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;
; Owner Name - if value = '*' use the registry setting
OwnerName {default} = Research In Motion Ltd.
; Owner Info - if value = '*' use the registry setting
OwnerInfo {default} = Please return to RIM\
Phone # (519) 888-7465\
295 Phillip St\
Waterloo Ont\
N2L 3W812-08-08 02:54 PMLike 0 - FWIW, I was having the same issue and it was an old policy.inf that was left over from my old 7250. What I did, and it may be overkill, was uninstalled the DM, deleted the left over directory and reinstalled. Wiped and reloaded the BB and all is good with no locked firewall.12-08-08 04:09 PMLike 0
- If there is any type of polic file I think it forces the phone to adopt certain security settings. I think deleting the policy file along with re installing DM should fix the Issue. Have you trid r
e installing?
Posted from my CrackBerry at wapforums.crackberry.com12-08-08 05:47 PMLike 0 - I did a search on "please return to RIM" and this is the closest thread I could find on the subject. I am using .83 and did a batt pull today. Upon reboot, the owner information changed to:
"Research in Motion Ltd.
Please return to RIM
Phone # (519) 888-7465
296 Philip St
Waterloo Ont
N2L 3W8"
Why did this happen? Am I having the same issue?12-28-08 04:16 PMLike 0 - Scan your PC for a file called policy.bin. It contains the owner information and various other poilicy settings you can set. Delete that file. It'll most likely be under c:\program files\research in motion\blackberry
If your on a BIS then this will work for you. But if your on a BES then most likely this is policy is being pushed out through the BES
I did a search on "please return to RIM" and this is the closest thread I could find on the subject. I am using .83 and did a batt pull today. Upon reboot, the owner information changed to:
"Research in Motion Ltd.
Please return to RIM
Phone # (519) 888-7465
296 Philip St
Waterloo Ont
N2L 3W8"
Why did this happen? Am I having the same issue?12-28-08 04:54 PMLike 0 - If this device was previously associated with a BES server, it's possible that the PIN association is still there on that server. An IT policy will continue to push down to you in a case such as this. Approach it from that perspective if all else has failed and make sure that said IT admins delete the BES server association before you go any further chasing a possible ghost.12-28-08 05:09 PMLike 0
- If this device was previously associated with a BES server, it's possible that the PIN association is still there on that server. An IT policy will continue to push down to you in a case such as this. Approach it from that perspective if all else has failed and make sure that said IT admins delete the BES server association before you go any further chasing a possible ghost.12-28-08 06:33 PMLike 0
- Forum
- BlackBerry OS Phone Forums
- More BlackBerry Phones
- BlackBerry Storm Series
Old IT policy keeps creeping back -- NEED PRO HELP!!
LINK TO POST COPIED TO CLIPBOARD