[Bes-admins] Custom report from the database

Is there an easy way to pull a custom report from the BES database? Or do I need to go directly to the tables and figure out what tables/columns everything is in? Is there a reference for where that data is located in the tables? I need a report that shows: User Name Model ESN PIN Carrier OS

[Bes-admins] Prevent personal Blackberries from accessing company email

I just found out that we have people with personal Blackberries accessing their company email, they are definitely not set up on my BES, so I'm guessing they must be using BIS. How can I prevent them from accessing their company email on their personal devices? I know it's not via IMAP or

Re: [Bes-admins] Prevent personal Blackberries from accessing companyemail

We allow people to do that here, they configure it as a webmail account like a Yahoo or gmail From: bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Darhl Thomason Sent: Tuesday, July 20, 2010 12:55 PM To: 'bes-admins@dataoutages.com' Subject:

Re: [Bes-admins] Prevent personal Blackberries from accessing companyemail

You are correct, it would be BIS - configured at the store they purchased the phone from. I was at Verizon the other day and this is the conversation that I heard... TECH:Sure, you don't need the $45 dollar (data) plan, just get the $30 buck one and Ill show you how to access your

Re: [Bes-admins] Prevent personal Blackberries from accessing company email

BIS uses IMAP and POP3. Are you sure it's turned off? Other options include offline sync using Desktop manager or a 3rd-party EAS bridge like AstraSync. From: bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Darhl Thomason Sent: Tuesday, July 20,

Re: [Bes-admins] Prevent personal Blackberries from accessingcompanyemail

They're using Outlook Web Access to sync. Not sure you can prevent that but if possible I would look in IIS without disabling OWA entirely. From: bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of DOWER, BRIAN Sent:

Re: [Bes-admins] Prevent personal Blackberries from accessing company email

BIS can also use OWA. See: http://www.port3101.org/featured-blackberry-kb-articles/792-kb11036-firewall-connection-requirements-blackberry-internet-service.htm l for a list of what IP's BIS connections are coming from. Block these inbound connections at the firewall and you've blocked BIS.

Re: [Bes-admins] Prevent personal Blackberries from accessing company email

Yes, its usually IMAP/POP3 for BIS access. I have considered identifying RIM's BIS IP range and blocking at the firewall level. If those IP's are only used for BIS email access and I dont want that. What about IT Policy that blocks the service book? I think that this would only block the

Re: [Bes-admins] Prevent personal Blackberries from accessing companyemail

Ugh! Is there any way to prevent BIS from accessing corporate email? I set up a test account and it looks like it is accessing via OWA, but I cannot turn off OWA as that is the main method our stores use to get email. Darhl Thomason | SysAdmin | Business Technology Papa Murphy's Int'l. | d

Re: [Bes-admins] Prevent personal Blackberries from accessing company email

Yes: http://www.port3101.org/featured-blackberry-kb-articles/793-kb03735-firewall-connection-requirements-blackberry-enterprise-server.ht ml. Keep in mind that all you have to do is explicitly deny port 80/443 to these IP addresses to block access to OWA. Also, keep in mind that with BES

Re: [Bes-admins] Prevent personalBlackberries from accessing companyemail

The ONLY way is by users' hardcoding username/password combos on BBs. This is a complete security meltdown. My CIO is melting in his chair now while hearing the words in this thread. It basically comes down to policy. Not only is it a security issue for corporate data and such, you also

Re: [Bes-admins] Prevent personal Blackberries from accessing companyemail

There is a difference though between the user providing their credential to the OWA service themselves and giving their credentials to RIM or the Carrier to check the email for them. -- Josh Armour MobileOps - Sysadmin jarm...@google.com (541) 205-4262

Re: [Bes-admins] Prevent personal Blackberries from accessing company email

HDawg, Your post shows these addresses as the BIS servers: BIS IP Range 206.51.26.0/24 193.109.81.0/24 204.187.87.0/24 206.53.144.0/20 216.9.240.0/20 67.233.64.0/19 93.186.16.0/20 68.171.224.0/19 Another post on your site

Re: [Bes-admins] Prevent personal Blackberriesfrom accessing company email

BES is outbound - just don't block outbound and you're fine. You're blocking inbound for OWA/BIS, which is what he said in an earlier post. -- Jonathan Evenden Director of IT Consulting MCP - Microsoft Certified Professional TNTMAX, LLC. Technology Solutions by Design

Re: [Bes-admins] Prevent personal Blackberries from accessing company email

Just saw that, didn't realize that BES was outbound initiated, but good to know that I can block the inbound 80/443 from that IP range to block the BIS. Thanks! Darhl Thomason | SysAdmin | Business Technology Papa Murphy's Int'l. | d 360-449-4044 | c 360-607-5617 |

Re: [Bes-admins] PreventpersonalBlackberries from accessing companyemail

The documentation that RIM puts out is pretty good. Problem being . most people don't take the time to read through it. It gives you recommendations on ways to meet your security requirements; just need to put in the effort. From: bes-admins-boun...@dataoutages.com

Re: [Bes-admins] Prevent personal Blackberriesfrom accessing company email

I saw that. I had already sent this one before his reply hit my inbox. That's what I'm configuring now. Thanks everyone for the thoughts, ideas, and solutions. d Darhl Thomason | SysAdmin | Business Technology Papa Murphy's Int'l. | d 360-449-4044 | c 360-607-5617 |

Re: [Bes-admins] Prevent personal Blackberries from accessing company email

Yes, I got it, sorry. I had sent this before your other message hit my inbox. I was just too quick on the reply. d Darhl Thomason | SysAdmin | Business Technology Papa Murphy's Int'l. | d 360-449-4044 | c 360-607-5617 | www.papamurphys.comhttp://www.papamurphys.com From:

Re: [Bes-admins] Prevent personal Blackberriesfrom accessing company email

I think you are just paranoid enough. From: Josh Armour jarm...@google.com To: A list for BES Admin's to discuss issues, etc. bes-admins@dataoutages.com Sent: Tue, July 20, 2010 11:06:53 AM Subject: Re: [Bes-admins] Prevent personal Blackberriesfrom accessing

Re: [Bes-admins] Prevent personal Blackberriesfrom accessingcompany email

nothing - we use 2 factor auth to a reverse proxy - no public OWA without. - Original Message From: wrbdec...@gmail.com wrbdec...@gmail.com To: A list for BES Admin's to discuss issues, etc. bes-admins@dataoutages.com Sent: Tue, July 20, 2010 11:11:19 AM Subject: Re: [Bes-admins]

Re: [Bes-admins] Prevent personal Blackberriesfrom accessingcompany email

Exactly my point. If you open OWA you run a huge risk regardless. Anyone can go to any pc with an internet connection and log in. Anyone can get credentials. Sent via BlackBerry by ATT -Original Message- From: Don Andrews don.andrews_safe...@yahoo.com Date: Tue, 20 Jul 2010 11:48:53

Re: [Bes-admins] Prevent personal Blackberriesfrom accessing company email

There is no IT Policy to simply disable BIS? From: Darhl Thomason dar...@papamurphys.com To: A list for BES Admin's to discuss issues, etc. bes-admins@dataoutages.com Sent: Tue, July 20, 2010 2:03:18 PM Subject: Re: [Bes-admins] Prevent personal

Re: [Bes-admins] Prevent personal Blackberriesfrom accessing company email

There is a great way to find out: http://docs.blackberry.com/en/admin/deliverables/16679/BlackBerry_Enterprise_Server-Policy_Reference_Guide-T323212-1063796-0616124539-001-5.0.2-US.pdf or, yes, there is a way to do this via IT Policy. From: bes-admins-boun...@dataoutages.com