Administration Guide

Local Navigation

Assigning BlackBerry devices to user accounts

To assign BlackBerry® devices to user accounts and activate the BlackBerry devices, you can use any of the following methods:

Method

Description

BlackBerry Administration Service

You can activate BlackBerry devices before you distribute them to users by connecting the BlackBerry devices to a computer and logging in to the BlackBerry Administration Service.

over the wireless network

New BlackBerry device users and users that are receiving replacement BlackBerry devices can activate the BlackBerry devices without requiring a physical connection to your organization's network.

over the LAN

New BlackBerry device users and users that are receiving replacement BlackBerry devices can activate the BlackBerry devices by connecting the BlackBerry devices to a computer that hosts the BlackBerry® Desktop Manager.

BlackBerry® Web Desktop Manager

New BlackBerry device users and users that are receiving replacement BlackBerry devices can activate the BlackBerry devices by connecting the BlackBerry devices to a computer that hosts the BlackBerry Web Desktop Manager.

over your organization's Wi-Fi® network

You can activate Wi-Fi enabled BlackBerry devices over your organization's Wi-Fi network.

If you add a user account that was previously located on another BlackBerry® Enterprise Server in a different BlackBerry Domain, to assign a BlackBerry device to the user account, you must connect the BlackBerry device to the computer that hosts the BlackBerry Administration Service.

Option 1: Activate a BlackBerry device using the BlackBerry Administration Service

Before you begin: If necessary, prepare a BlackBerry® device so that you can redistribute it to a user.
  1. Connect the BlackBerry device to a computer that can access the BlackBerry Administration Service.
  2. On the Devices menu, expand Attached devices.
  3. Click Manage current device.
  4. Click Assign current device.
  5. Search for a user account.
  6. In the search results, click the display name for a user account.
  7. Click Associate user.
  8. Click Assign current device.

Option 2: Activating a BlackBerry device over the wireless network

To activate a BlackBerry® device over the wireless network, you assign an activation password to a user account. The user receives the activation password in an email message and associates the BlackBerry device with the email account by typing the password on the BlackBerry device.

Save bandwidth by synchronizing organizer data over the LAN

When users activate BlackBerry® devices over the wireless network, by default, the BlackBerry® Enterprise Server synchronizes the initial download of organizer data over the wireless network. To save bandwidth, you can configure an IT policy to synchronize the initial download of organizer data through the BlackBerry Router and over your organization's LAN when users connect their BlackBerry devices to a computer that hosts the BlackBerry® Device Manager.

  1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy.
  2. Click Manage IT policies.
  3. Click Default.
  4. Click Edit IT policy.
  5. On the PIM Synchronization policy group tab, in the Disable Wireless Bulk Loads rule, in the drop-down list, click Yes.
  6. Click Save all.

Wireless activation

The wireless activation process activates BlackBerry® devices on the BlackBerry® Enterprise Server over the wireless network. Neither you nor the users are required to connect the BlackBerry devices to a computer to complete the activation process.

You can use wireless activation process to activate a large number of BlackBerry devices over the wireless network. When users want to activate BlackBerry devices on the BlackBerry Enterprise Server over the wireless network, they must notify you. You can use the BlackBerry Administration Service to configure activation passwords and distribute the passwords to the users.

The BlackBerry® Enterprise Solution can begin the wireless activation process automatically or when users open the activation application on the BlackBerry devices and type an activation password and email address. When the activation process completes, users can send email messages from and receive email messages on their BlackBerry devices.

When you initiate the wireless activation process, the BlackBerry Enterprise Server sends an email message with an etp.dat attachment from the blackberry.net domain to the user's email application. To make sure that the message is not blocked or modified, add the blackberry.net domain to the allowed list in the anti-virus and anti-spam software applications used by the messaging server or gateway.

Activation passwords

The BlackBerry® Enterprise Server activates a BlackBerry device over the wireless network using the wireless activation authentication protocol and an activation password that is specific to the user account associated with the BlackBerry device.

Item Description

length of the activation password

Typical activation passwords are four to eight characters long. Activation passwords are limited to the following character lengths:

  • BlackBerry device: 31 characters
  • BlackBerry Administration Service : 20 characters
  • KeyGenPassword field that stores the password in the BlackBerry Configuration Database: 50 characters

character support

Activation passwords can include any type of character except accented characters.

security

Wireless activation is designed so that short activation passwords do not compromise the security of the protocol.

You must distribute the activation password to the authenticated user securely. If the user receives the activation password, but does not activate the BlackBerry device on the BlackBerry Enterprise Server, a potentially malicious user who can access the activation password can connect another BlackBerry device to the BlackBerry Enterprise Server and assume the identity of the intended user.

When a user activates a BlackBerry device on the BlackBerry Enterprise Server, the activation password becomes inactive and a potentially malicious user cannot reuse it to activate another BlackBerry device.

If a user receives an activation password, you cannot generate a new activation password for the user until the activation password expires. An activation password expires after 48 hours by default. You can configure an activation to password expire earlier than the default value of 48 hours.

expiry time

An activation password is no longer valid if any of the following events occur:
  • the user does not activate the BlackBerry device on the BlackBerry Enterprise Server before the default value of 48 hours elapses
  • the user types the activation password incorrectly five consecutive times
  • the BlackBerry Enterprise Server activates a BlackBerry device using the activation password

Customize the activation password

You can customize the type of activation password and the number of characters the password can contain that you send to BlackBerry® devices in a BlackBerry Domain. You can also change the length of time that the activation password exists before it expires.
  1. In the BlackBerry Administration Service, on the Devices menu, expand Wireless activations.
  2. Click Device activation settings.
  3. In the Password settings section, perform the following actions:
    • To change the activation password length, in the Auto-generated password length field, type a character length.
    • To change the activation password type, in the Auto-generated password type drop-down list, click a password type.
    • To change the length of time that the activation password exists before it expires, in the Auto-generated password lifespan (hours) field, type the number of hours.
  4. Click Save all.

Customize the activation message

To provide information to help troubleshoot activation issues that a user might encounter or to make sure that the activation message that users receive on their computers conforms to your organization's messaging policies, you can customize the default activation message.
  1. In the BlackBerry® Administration Service, on the Devices menu, expand Wireless activations.
  2. Click Device activation settings.
  3. Click Edit activation settings.
  4. In the Email initialization message section, perform the following actions:
    • In the Sender address field, type the email address for the administrator account.
    • In the Custom activation message field, type the subject, and message.
  5. Click Save all.

Send an activation password to a user

  1. In the BlackBerry® Administration Service, on the BlackBerry solution management menu, expand User.
  2. Click Manage users.
  3. Search for a user account.
  4. In the search results, click the display name for the user account.
  5. In the Device activation list, click Specify activation password.
  6. In the Activation password and Confirm password fields, type an activation password. The password must not contain special characters. Some BlackBerry devices do not support special characters and do not unlock when a user types a password that contains special characters.
  7. In the Password expiration (hours) field, type the amount of time that can elapse before the activation password expires.
  8. Click Specify activation password.

Send an activation password to multiple users

  1. In the BlackBerry® Administration Service, on the BlackBerry solution management menu, expand User.
  2. Click Manage users.
  3. Search for one or more user accounts.
  4. Click Manage multiple users.
  5. Select the appropriate user accounts.
  6. In the Device activation list, click Specify activation password.
  7. In the Activation password and Confirm password fields, type an activation password. The password must not contain special characters. Some BlackBerry devices do not support special characters and do not unlock when a user types a password that contains special characters.
  8. In the Password expiration (hours) field, type the amount of time, in hours, that can elapse before the activation password expires.
  9. Click Specify activation password.

Option 3: Activating BlackBerry devices over the LAN

Users can activate BlackBerry® devices by connecting them to computers that the BlackBerry® Desktop Manager is associated with. During the activation process, the BlackBerry Desktop Manager prompts users to associate the BlackBerry devices with their work email accounts and generate encryption keys.

When users complete the activation process, the BlackBerry® Enterprise Server sends email messages and organizer data to the BlackBerry devices through the BlackBerry Router. If a connection to the BlackBerry Router is interrupted, the data transfer continues over the wireless network.

Option 4: Activating BlackBerry devices using the BlackBerry Web Desktop Manager

Users can activate their BlackBerry® devices by connecting them to computers using a USB cable or Bluetooth® connection and logging in to the BlackBerry® Web Desktop Manager. During the activation process, the BlackBerry Web Desktop Manager prompts users to associate the BlackBerry device with their email accounts and generate encryption keys.

When users complete the activation process, the BlackBerry® Enterprise Server synchronizes email messages and organizer data to BlackBerry devices through the BlackBerry Router. If a connection to the BlackBerry Router is interrupted, the data transfer continues over the wireless network.

Option 5: Activating BlackBerry devices over an enterprise Wi-Fi network

Users can activate Wi-Fi® enabled BlackBerry® devices over an enterprise Wi-Fi network in environments that have the following characteristics:

  • BlackBerry devices can connect to the enterprise Wi-Fi network but cannot connect to the BlackBerry® Infrastructure.
  • Users did not install BlackBerry® Desktop Manager on their computers and cannot access BlackBerry® Web Desktop Manager.
  • You want to deploy and activate a large number of BlackBerry devices.

To activate BlackBerry devices over the enterprise Wi-Fi network, you must configure the BlackBerry Router as an SMTP client (also known as a Mail User Agent). As an SMTP client, the BlackBerry Router communicates with an SMTP server, that sends an ETP message to the user. The ETP message is the email message that the BlackBerry Router sends to the user’s mailbox during the activation process.

You can configure the BlackBerry Router to act as a gateway for BlackBerry device activations over the enterprise Wi-Fi network and as a gateway for other network traffic such as email messages, data, or calendar synchronization, or to act only as a gateway for BlackBerry device activations over the enterprise Wi-Fi network. If you choose to configure the BlackBerry Router only as a gateway for BlackBerry device activations over the enterprise Wi-Fi network, you must configure the BlackBerry Router as part of a chain of BlackBerry Router instances and make sure that one or more BlackBerry Router instances in the chain can act as a gateway for other network traffic.

For more information about Wi-Fi enabled BlackBerry devices, see the BlackBerry Enterprise Server Feature and Technical Overview.

Prerequisites: Configuring a BlackBerry Router for BlackBerry device activations over the enterprise Wi-Fi network

  • On the computer that you installed the BlackBerry® Router, or on a remote computer, configure an SMTP service that the BlackBerry Router can use. For more information, see the documentation for the Windows Server®.
  • To restrict the BlackBerry Router so that it acts only as a gateway for BlackBerry device activations over the enterprise Wi-Fi® network, on a computer that does not host a BlackBerry® Enterprise Server, install a BlackBerry Router whose only purpose is to provide a connection to Wi-Fi enabled BlackBerry devices over the enterprise Wi-Fi network. Configure the BlackBerry Router as part of a chain of BlackBerry Router instances and make sure that one or more BlackBerry Router instances in the chain can act as a gateway for other network traffic such as email messages, data, or calendar synchronization.
  • Verify that the wireless access points can connect to the BlackBerry Router that you configured for BlackBerry device activations over the enterprise Wi-Fi network.
  • Verify that each BlackBerry Enterprise Server can connect to a BlackBerry Router that you configured for BlackBerry device activations over the enterprise Wi-Fi network.
  • Create a user account and activation password on the BlackBerry Enterprise Server for each new BlackBerry device.

Configure a BlackBerry Router to permit BlackBerry device activations over the enterprise Wi-Fi network

  1. On the computer that hosts the BlackBerry® Router, on the taskbar, click Start > Programs > BlackBerry Enterprise Server > BlackBerry Server Configuration.
  2. On the OTA WIFI Activation tab, select the Permit wireless activation in your WLAN environment check box.
  3. Optionally, to restrict the BlackBerry Router so that it acts as a gateway for wireless activations over the enterprise Wi-Fi® network and not as a gateway for other network traffic such as email messages, data, or calendar synchronization, select the Prevent all serial bypass traffic through this router except WLAN activations check box. Only restrict the BlackBerry Router if you configured more than one BlackBerry Router instance.
  4. To specify how the BlackBerry Router locates the SMTP server, in the Activation Gateway Settings section, select one of the following options:
    • To permit the BlackBerry Router to determine which SMTP server it uses for ETP traffic based on the mail exchange record of the host domain, select Use MX Lookup to obtain SMTP server.
    • To provide the SMTP server name and port number for the BlackBerry Router, select Explicitly provide SMTP server name and port. Type the server name and the server port number for the SMTP server.
  5. If the SMTP server requires authentication, specify the SMTP login name and SMTP password.
  6. In the From address for ETP messages field, type the email address that you want to use as the From address. The ETP message is the email message that the BlackBerry Router sends to the users' mailboxes during the activation process.
  7. Click Apply.
  8. Click OK.
  9. In the Windows® Services, restart the BlackBerry Router.
After you finish: Instruct users to activate the Wi-Fi enabled BlackBerry devices.

Activate a Wi-Fi enabled BlackBerry device

If you want to activate a Wi-Fi® enabled BlackBerry® device using the enterprise Wi-Fi network, you can instruct a BlackBerry user to perform the following task on the BlackBerry device. If you want to reactivate a BlackBerry device, you must create a new activation password for the BlackBerry device.
  1. On the BlackBerry device, in the device options, click Advanced Options.
  2. Click Enterprise Activation.
  3. Type the activation email address.
  4. Type the activation password.
  5. In the Activation Server Address field, type the IP address for the BlackBerry Router that the BlackBerry device can use to activate over the enterprise Wi-Fi network.
  6. In the menu, click Activate.
After you finish:
  • For more information, see the user guide for the BlackBerry device.
  • To view the activation status, in the BlackBerry Administration Service, on the Wireless > View activations page, search for the user account. Confirm that the activation is successful.

Was this information helpful? Send us your comments.