Help Center
Local Navigation
- IT policy rules
- Using the BlackBerry Professional Software
- New IT policy rules in this release
- Policy precedence on the BlackBerry device
- Understanding IT policy rule names and policy group names
- Setting IT policy rules
- Where to find descriptions of Wi-Fi IT policy rules
- Using IT policy rules on other devices
- Importing IT policy rules without the required minimum BlackBerry Enterprise Server software
- Descriptions of IT policy rules
- Application Center policy group
- BlackBerry Messenger policy group
- BlackBerry Smart Card Reader policy group
- Disable Auto Reconnect To BlackBerry Smart Card Reader IT policy rule
- Force Erase All Keys on BlackBerry Disconnected Timeout IT policy rule
- Force Erase Key on PC Standby IT policy rule
- Maximum BlackBerry Disconnected Timeout IT policy rule
- Maximum BlackBerry Bluetooth Traffic Inactivity Timeout IT policy rule
- Maximum BlackBerry Long Term Timeout IT policy rule
- Maximum Bluetooth Encryption Key Regeneration Period IT policy rule
- Maximum Bluetooth Range IT policy rule
- Maximum Connection Heartbeat Period IT policy rule
- Maximum Number of BlackBerry Transactions IT policy rule
- Maximum Number of PC Pairings IT policy rule
- Maximum PC Bluetooth Traffic Inactivity Timeout IT policy rule
- Maximum Number of PC Transactions IT policy rule
- Maximum PC Disconnected Timeout IT policy rule
- Maximum PC Long Term Timeout IT policy rule
- Maximum Smart Card Not Present Timeout IT policy rule
- BlackBerry Unite policy group
- Bluetooth policy group
- Allow Outgoing Calls IT policy rule
- Disable Address Book Transfer IT policy rule
- Disable Advanced Audio Distribution Profile IT policy rule
- Disable Audio/Video Remote Control Profile IT policy rule
- Disable Bluetooth IT policy rule
- Disable Desktop Connectivity IT policy rule
- Disable Dial-Up Networking IT policy rule
- Disable Discoverable Mode IT policy rule
- Disable File Transfer IT policy rule
- Disable Handsfree Profile IT policy rule
- Disable Headset Profile IT policy rule
- Disable Pairing IT policy rule
- Disable Serial Port Profile IT policy rule
- Disable SIM Access Profile IT policy rule
- Disable Wireless Bypass IT policy rule
- Force CHAP Authentication on Bluetooth Link IT Policy rule
- Limit Discoverable Time IT policy rule
- Minimum Encryption Key Length IT policy rule
- Require Encryption IT policy rule
- Require LED Connection Indicator IT policy rule
- Require Password for Discoverable Mode IT policy rule
- Require Password for Enabling Bluetooth Support IT policy rule
- Browser policy group
- Allow Application Download Services IT policy rule
- Allow Hotspot Browser IT policy rule
- Allow IBS Browser IT policy rule
- Disable Auto Synchronization in Browser IT policy rule
- Disable JavaScript in Browser IT policy rule
- Download Images URL IT policy rule
- Download Themes URL IT policy rule
- Download Tunes URL IT policy rule
- MDS Browser BSM Enabled IT policy rule
- MDS Browser Domains IT policy rule
- MDS Browser HTML Tables Enabled IT policy rule
- MDS Browser JavaScript Enabled IT policy rule
- MDS Browser Style Sheets Enabled IT policy rule
- MDS Browser Title IT policy rule
- MDS Browser Use Separate Icon IT policy rule
- Camera policy group
- Certificate Synchronization policy group
- Common policy group
- BlackBerry Server version IT policy rule
- Confirm On Send IT policy rule
- Disable Kodiak PTT IT policy rule
- Disable MMS IT policy rule
- Disable Voice-Activated Dialing IT policy rule
- Disable Voice Note Recording IT policy rule
- IT Policy Notification IT policy rule
- Lock Owner Info IT policy rule
- Set Owner Info IT policy rule
- Set Owner Name IT policy rule
- Desktop Only items
- Auto Backup Enabled IT policy rule
- Auto Backup Exclude Messages IT policy rule
- Auto Backup Exclude Sync IT policy rule
- Auto Backup Frequency IT policy rule
- Auto Backup Include All IT policy rule
- Disable Wireless Calendar IT policy rule
- Do Not Save Sent Messages IT policy rule
- Force Load Count IT policy rule
- Force Load Message IT policy rule
- Forward Messages In Cradle IT policy rule
- Message Conflict Mailbox Wins IT policy rule
- Message Prompt IT policy rule
- Show Application Loader IT policy rule
- Show Web Link IT policy rule
- Synchronize Messages Instead Of Importing IT policy rule
- Web Link Label IT policy rule
- Web Link URL IT policy rule
- Desktop policy group
- Device IOT Application policy group
- Device Only Items
- Allow BCC Recipients IT policy rule
- Allow Peer-to-Peer Messages IT policy rule
- Allow SMS IT policy rule
- Default Browser Config UID IT policy rule
- Enable Long-Term Timeout IT policy rule
- Enable WAP Config IT policy rule
- Home Page Address IT policy rule
- Maximum Password Age IT policy rule
- Home Page Address Is Read-Only IT policy rule
- Maximum Security Timeout IT policy rule
- Minimum Password Length IT policy rule
- Password Pattern Checks IT policy rule
- Password Required IT policy rule
- User Can Change Timeout IT policy rule
- User Can Disable Password IT policy rule
- Documents To Go policy group
- Email Messaging policy group
- Allow Auto Attachment Download IT policy rule
- Attachment Viewing IT policy rule
- Disable Form Submission IT policy rule
- Disable Manual Download of External Images IT policy rule
- Disable Notes Native Encryption Forward And Reply IT policy rule
- Disable Rich Content Email IT policy rule
- Enable Wireless Message Reconciliation IT policy rule
- Inline Content Requests IT policy rule
- Keep Message Duration IT policy rule
- Keep Saved Message Duration IT policy rule
- Maximum Native Attachment MFH attachment size IT policy rule
- Maximum Native Attachment MFH total attachment size IT policy rule
- Notes Native Encryption Password Timeout IT policy rule
- Prepend Disclaimer IT policy rule
- Maximum Native Attachment MTH attachment size
- Enterprise Voice Client policy group
- Firewall policy group
- Global items
- Instant Messaging policy group
- Location Based Services policy group
- MDS Integration Service policy group
- Disable Activation With Public BlackBerry MDS Integration Service IT policy rule
- Disable MDS Runtime IT policy rule
- Disable User-Initiated Activation With Public BlackBerry MDS Integration Service IT policy rule
- Lowest BlackBerry MDS Integration Service Security version Allowed IT policy rule
- Verify BlackBerry MDS Integration Service Certificate IT policy rule
- Memory Cleaner policy group
- On-Device Help policy group
- Password policy group
- PIM Synchronization policy group
- Disable Address Wireless Synchronization IT policy rule
- Disable All Wireless Synchronization IT policy rule
- Disable Calendar Wireless Synchronization IT policy rule
- Disable Enterprise Activation Progress IT policy rule
- Disable Memopad Wireless Sync IT policy rule
- Disable Phone Call Log Wireless Synchronization IT policy rule
- Disable PIN Messages Wireless Synchronization IT policy rule
- Disable SMS Messages Wireless Sync IT policy rule
- Disable Task Wireless Sync IT policy rule
- Disable Wireless Bulk Loads IT policy rule
- PGP Application policy group
- PGP Allowed Content Ciphers IT policy rule
- PGP Allowed Encrypted Attachment Mode
- PGP Allowed Encryption Type IT policy rule
- PGP Blind Copy Address IT policy rule
- PGP Force Digital Signature IT policy rule
- PGP Force Encrypted Messages IT policy rule
- PGP Minimum Strong DH Key Length IT policy rule
- PGP Minimum Strong DSA Key Length IT policy rule
- PGP Minimum Strong RSA Key Length IT policy rule
- PGP Universal Enrollment Method IT policy rule
- PGP Universal Policy Cache Timeout IT policy rule
- PGP Universal Server Address IT policy rule
- RIM Value-Added Applications policy group
- Disable BlackBerry Wallet IT policy rule
- Disable Ecommerce Content Optimization Engine IT policy rule
- Disable Lotus Connections IT policy rule
- Lotus Connections Activities Server IT policy rule
- Lotus Connections Blogs Server IT policy rule
- Lotus Connections Communities Server IT policy rule
- Lotus Connections Dogear Server IT policy rule
- Lotus Connections Profiles Server IT policy rule
- S/MIME Application policy group
- Entrust Messaging Server (EMS) Email Address IT policy rule
- S/MIME Allowed Content Ciphers IT policy rule
- S/MIME Allowed Encrypted Attachment Mode IT policy rule
- S/MIME Allowed Encryption Types IT policy rule
- S/MIME Blind Copy Address IT policy rule
- S/MIME Force Digital Signature IT policy rule
- S/MIME Force Encrypted Messages IT policy rule
- S/MIME Force Smartcard Use IT policy rule
- S/MIME Minimum Strong DH Key Length IT policy rule
- S/MIME Minimum Strong ECC Key Length IT policy rule
- S/MIME Minimum Strong DSA Key Length IT policy rule
- S/MIME Minimum Strong RSA Key Length IT policy rule
- Secure Email policy group
- Security policy group
- Allow External Connections IT policy rule
- Allow Internal Connections IT policy rule
- Allow Outgoing Call When Locked IT policy rule
- Allow Resetting of Idle Timer IT policy rule
- Allow Screen Shot Capture IT policy rule
- Allow Smart Card Password Caching IT policy rule
- Allow Split-Pipe Connections IT policy rule
- Allow Third Party Apps to Use Persistent Store IT policy rule
- Allow Third Party Apps to Use Serial Port IT policy rule
- Certificate Status Maximum Expiry Time IT policy rule
- Content Protection Strength IT policy rule
- Desktop Backup IT policy rule
- Disable 3DES Transport Crypto IT policy rule
- Disable Cut/Copy/Paste IT policy rule
- Disable External Memory IT policy rule
- Disable Forwarding Between Services IT policy rule
- Disable Geo-Tagging of Photos IT policy rule
- Disable GPS IT policy rule
- Disable Invalid Certificate Use IT policy rule
- Disable IP Modem IT policy rule
- Disable Key Store Backup IT policy rule
- Disable Key Store Low Security IT policy rule
- Disable Media Manager FTP Access
- Disable Message Normal Send IT policy rule
- Disable Peer-to-Peer Normal Send IT policy rule
- Disable Persisted Plain Text IT policy rule
- Disable Public Photo Sharing Applications IT policy rule
- Disable Public Social Networking Applications IT policy rule
- Disable Radio When Cradled IT policy rule
- Disable Revoked Certificate Use IT policy rule
- Disable Smart Password Entry IT policy rule
- Disable Stale Certificate Status Checks IT policy rule
- Disable Stale Status Use IT policy rule
- Disable Untrusted Certificate Use IT policy rule
- Disable Unverified Certificate Use IT policy rule
- Disable Unverified CRLs IT policy rule
- Disable USB Mass Storage IT policy rule
- Disable Weak Certificate Use IT policy rule
- Disallow Third Party Application Downloads IT policy rule
- External File System Encryption Level IT policy rule
- FIPS Level IT policy rule
- Firewall Block Incoming Messages IT policy rule
- Firewall Whitelist Addresses IT policy rule
- Force Content Protection Of Master Keys IT policy rule
- Force Include Address Book In Content Protection IT policy rule
- Force LED Blinking When Microphone Is On IT policy rule
- Force Lock When Holstered IT policy rule
- Force Smart Card Two Factor Authentication IT policy rule
- Force Smart Card Two Factor Challenge Response IT policy rule
- Key Store Password Maximum Timeout IT policy rule
- Lock on Smart Card Removal IT policy rule
- Maximum Smart Card User Authenticator Certificate Status Check Period IT policy rule
- Message Classification IT policy rule
- Message Classification Title IT policy rule
- Minimal Encryption Key Store Security Level IT policy rule
- Minimal Signing Key Store Security Level IT policy rule
- Password Required for Application Download IT policy rule
- Required Password Pattern IT policy rule
- Remote Wipe Reset to Factory Defaults IT policy rule
- Require Secure APB Messages IT policy rule
- Secure Wipe Delay After IT Policy Received IT policy rule
- Secure Wipe Delay After Lock IT policy rule
- Secure Wipe if Low Battery IT policy rule
- Security Service Colors IT policy rule
- Security Transcoder Cod File Hashes IT policy rule
- Trusted Certificate Thumbprints IT policy rule
- Weak Digest Algorithms IT policy rule
- Service Exclusivity policy group
- Allow Other Browser Services IT policy rule
- Allow Other Calendar Services IT policy rule
- Allow Other Message Services IT policy rule
- Allow Public AIM Services IT policy rule
- Allow Public Google Talk Services IT policy rule
- Allow Public ICQ Services IT policy rule
- Allow Public IM Services IT policy rule
- Allow Public WLM Services IT policy rule
- Allow Public Yahoo! Messenger Services IT policy rule
- SIM Application Toolkit policy group
- Smart Dialing policy group
- TCP policy group
- TLS policy group
- TLS Device Side Only IT policy rule
- TLS Disable Invalid Connection IT policy rule
- TLS Disable Untrusted Connection IT policy rule
- TLS Disable Weak Ciphers IT policy rule
- TLS Minimum Strong DH Key Length IT policy rule
- TLS Minimum Strong DSA Key Length IT policy rule
- TLS Minimum Strong ECC Key Length IT policy rule
- TLS Minimum Strong RSA Key Length IT policy rule
- TLS Restrict FIPS Ciphers IT policy rule
- Wireless Software Upgrades policy group
- Allow Non Enterprise Upgrade IT policy rule
- Disallow Device User Requested Rollback IT policy rule
- Disallow Device User Requested Upgrade
- Disallow Patch Download Over International Roaming WAN IT policy rule
- Disallow Patch Download Over Roaming WAN IT policy rule
- Disallow Patch Download Over WAN IT policy rule
- Disallow Patch Download Over WiFi IT policy rule
- WTLS policy group
- WTLS Disable Invalid Connection IT policy rule
- WTLS Disable Untrusted Connection IT policy rule
- WTLS Disable Weak Ciphers IT policy rule
- WTLS Minimum Strong DH Key Length IT policy rule
- WTLS Minimum Strong ECC Key Length IT policy rule
- WTLS Minimum Strong RSA Key Length IT policy rule
- WTLS Restrict FIPS Ciphers IT policy rule
- Application control policy rules
- Descriptions of application control policy rules
- Security Data application control policy rule
- BlackBerry Device Keystore Medium Security application control policy rule
- Bluetooth Serial Profile application control policy rule
- Browser Filter Domains application control policy rule
- Browser Filters application control policy rule
- Device GPS application control policy rule
- Disposition application control policy rule
- Event Injection application control policy rule
- External Domains application control policy rule
- External Network Connections application control policy rule
- Internal Domains application control policy rule
- Internal Network Connections application control policy rule
- Cross Application Communication application control policy rule
- Local Connections application control policy rule
- Message Access application control policy rule
- Phone Access application control policy rule
- Organizer Data Access application control policy rule
- Themes application control policy rule
- User Authenticator application control policy rule
- BlackBerry MDS Services policy rules
- Descriptions of BlackBerry MDS Services policy rules
- Allow Runtime Upgrade By User BlackBerry MDS Services rule
- Allow Discovery by User BlackBerry MDS Services rule
- Allow Application Install by User BlackBerry MDS Services rule
- Allow Push Application Install BlackBerry MDS Services rule
- Allow Application Delete by User BlackBerry MDS Services rule
- Allow External Access BlackBerry MDS Services rule
- Allow Access to Multiple Domains BlackBerry MDS Services rule
- Queue Limit for Inbound Application Messages BlackBerry MDS Services rule
- Queue Limit for Outbound Application Messages BlackBerry MDS Services rule
- Examples of security policy goals
- Defining acceptable use of passwords and passphrases on BlackBerry devices
- Defining measures to protect BlackBerry devices from unauthorized use
- Defining the encryption strength that the BlackBerry device uses to protect data
- Defining measures to prevent threats from viruses and malicious users
- Preventing RIM value-added applications from running on BlackBerry devices
- Example application control policies
- Blocking all third-party applications
- Block all third-party applications
- Permitting specific third-party applications
- Permit a specific third-party application while blocking all other third-party applications
- Controlling the behavior of third-party applications
- Assign a default application control policy to control the behavior of allowed third-party applications
- Legal notice
BlackBerry Manuals & Help
>
Administrator Documentation
>
BlackBerry Enterprise Server 5 Security
>
Policy Reference Guide
BlackBerry Enterprise Solution Security - 4.1.6
Lock on Smart Card Removal IT policy rule
Description
This rule specifies whether a BlackBerry® device locks when the user removes the paired smart card from the BlackBerry® Smart Card Reader or disconnects the BlackBerry Smart Card Reader from a BlackBerry device.
Not all smart card reader drivers support smart card removal detection.
Usage
If you change this rule to True, to use a BlackBerry device, users might require an authenticator module for the smart card and must have a smart card driver and a BlackBerry Smart Card Reader driver installed on the BlackBerry device.
Dependencies
If you change this rule to True, the BlackBerry® Enterprise Server configures the Password Required and Force Smart Card Two Factor Authentication IT policy rules to True automatically in the same IT policy.
Parent topic: Security policy group