[jamesd553#CB]

Help me if you can. I just bought a 8830 from verizon with my own money. I work for a certain wall street company that shall remain nameless. When I called our IT guys to synch my company's outlook with my blackberry they said ok. After they did that however it seems they did more than that....

1. I cannot access any other email accounts on my backberry. ie. aol, yahoo, gmail...
2. I cannot access any websites that are deemed objectionable. Basically the corporate firewall that is in place at my office is now in effect on my blackberry.
3. Memory card disabled.
4. sms txting can only receive txt but cannot send.

and thats what i gathered after only a couple hours.
I was told later by IT that if i wanted to synch with the company's outlook I had to accept the changes. I was told by someone at my office that there is a way to work around it. But he said it was only a rumor.

Does anyone else know what I can do or should do?

[audit]

You can wipe install a blank IT Policy to your BB, there's plenty of posts on how to do so but as soon as your BB connects to your company BES server again then the old policy will be pushed down again. As soon as you put your personal BB on the company network, you fully accept their rules.

Trying to bypass those rules will get you fired. Think about it first.

[Bla1ze]

funny this post comes along....check this out audit

[audit]

Saw that earlier today. As long as they are still connected to the BES then the policy will be pushed down anyhow. He still needs to be removed from the BES if he doesn't want to follow the company rules.

[Bla1ze]

Ya, I just found it funny that we were addressing the issue and that was posted. lol...thats one thing I never liked about BES, whoever your BES is with basically OWNS your device.

[jamesd553#CB]

Well I still want to synch with my work email and computer. Is there anyway to have the best of both worlds? or will i have to choose between a regular BB and no access to company's email and outlook or a locked down BB with access to company email and outlook.

I paid for the BB and I pay verizon for the plan. I dont see why the company should be able to shut everything down like that

[Bla1ze]

Cause your using THEIR bes, and no you cant have the best of both worlds, you choose one or the other..unless you want to go ahead and set up your own BES at home, that way YOU control the IT Policys.(and even then no axxs to work email)..sorry but thats the way it is, it's to keep your company safe and not liable for any damages that may arise from say..you loosing your BB, or some one stealing it and viewing corp. emails and such.

[audit]

Very well said. One of these days I'll write up a FAQ entry on BES and what people should expect if they want to use their personal BB's on a company BES.

[JRSCCivic98]

audit, there's a "correct" way around this. If they are a proper company with a properly configured Exchange box then they probably have OWA (Outlook Web Access) available. If that conduit is open then you can setup your work email to sync email via BIS instead of BES. The only drawback is your email is the only thing you'll have pushed to the phone, but you can setup Desktop Manager in BIS (Internet Email) mode and setup a sync for your Calendar/Contacts/Tasks/Notes via USB cable. This will cover the things that currently sync via BES, but with the new setup they just won't be wireless. The first thing that needs to take affect of course is the IT guys need to remove your BB from the BES server and they need to remove the IT Policy form the phone. Once that's done verify that you can surf, sms, etc. like you could when you bought the phone. Then go into the Email Setup icon on your BB or to the AT&T BIS setup webpage with your PC and setup a new BIS userid and password. Once you're in you can configure up to 9 (I think) email accounts to check. These can be personal accounts and can also be work email accounts that reside on an Exchange server. If the IT guys properly setup the Exchange server the BIS connection should work just fine and you'll get email pushed to the phone like you could via BES. Only slight thing to keep in mind is that email can be delayed by about 15 minutes max... sometimes. I've had pretty good delivery to the BB from my BIS/Exchange setup with multiple servers/accounts in just a few minutes. This should also improve a little more once BIS 2.5 comes out later this year or early next year from RIM.

Anyway, I hope this works. While the other guys are right about there being a way to strip the IT Policy from the phone to allow you to do whatever you want it can be repushed back onto the phone. Not only that, but something like that can also get you fired quick. My way should be a more "OK" setup. It doesn't violate the IT Policy and since you OWN the phone you won't be subjected to the Emperical reign of the "IT Guys".

[audit]

I haven't worked for a company where I've setup what you consider a "propery configured exchange box with OWA" available to anyone. I setup my networks and security a little more tight then that and setup RSA encryption. I've had too many clowns think they can bypass my security of the BES and think they can use BIS to get their emails. Nope, not on any network that I'm in charge of, won't happen. I guess that's why I've been doing this work for over 20+ years and have yet to have a security breach either internal or externally.

[JRSCCivic98]

Actually audit, I meant to indicate the OP's name in my post, not yours. However, if you think you're safeguarding anything by closing off OWA you're saving yourself from some kind of security breach you're kidding yourself. OWA enabled and setup to work over port 443 with a fully qualified SSL certificate doesn't risk anything. For a fact the OWA/IIS setups are also used by Microsoft's ActiveSync wireless sync push from Active Directory, but only work reliably with a non self-issued SSL certificate. If security is setup properly on IIS and you pipe OWA over 443 instead of 80 you don't even really open your server up to bogus web traffic. Turn off scanning on your firewall and people outside won't even know the port is open unless they blatantly try it. Even then, that's what the other security layers are for. You might have been doing it for 20+ years, but I've done it for 14+ years as well and while you have the right to secure your network how you want, don't think for once that limiting your user's capabilities is a "good" way of keeping yourself safe. Setups I have haven't been hacked since inception either and I think it's silly for you to think otherwise. I'm just wondering... do you also turn off your home broadband and wireless before you go to bed as well? Do you think you're safer that way as well? :sidejab:

Anyway, bottom line... BIS to an Exchange account with SSL has NO security risks at all. Sure, RIM's BIS servers have the username and password to the Active Directory user account for the person's BB, but I've never seen a breach happen via RIM's servers or via the info on their servers. It's too improbable, not impossible, but too improbable.

Also, notice I stated that he needs to get with his IT guys to get their permission on this and I stated that he can get fired if he disables the IT Policy in place, but when someone owns their own BB and then get's locked down by a company policy I have kind of a small problem with that. If I was in his shoes I'd much rather just not have my work email on my BB then to have it locked down. But hey, that's just me. I enforce IT Policies on BB as well when they are owned by the companies responsible for them and when they are on BES, but sometimes some of these lockdowns are a little tight. I guess that's what I dislike about RIM's BES infrastructure. I'd rather BB's pipe their Internet Access via RIM's proxy servers for traffic then the BES server's host network.