Disable Exchange Security Policy?? - General Questions and Answers

Running DirectPush on WM6.1 & Exchange 2007 I get a security policy pushed to my device that not only enforces an unlock pin but also makes all programs that were not cooked into the rom unable to run. It even disables certain programs like Remote Desktop and runs encryption on my device.
I've tried things like Zenyee.com Stay Unlock but once the policy is applied you cannot even run a program to edit the registry. It just locks you out.
Any suggestions?

Push Email Password Prompt every 5 Minutes

I've set up a couple of Hermes handsets this past week, one on Cingular (US) and one on Vodafone (UK).
Our Exchange server is hosted in the UK.
I have a problem whereby the password you are forced to set when setting up the push/sync is prompting the user for entry almost every 5 minutes (i.e. when the phone requires interaction from 'power save mode').
Entering the password 'settings' screen is no use as the option to change the 5 minute period is greyed out.
Is there a fix to this? Is this handset related or server related?
Surely I'm not alone with this problem?
Hermes (WM5) (1x Cingular US, 1x Vodafone UK)
Vini said:
I've set up a couple of Hermes handsets this past week, one on Cingular (US) and one on Vodafone (UK).
Our Exchange server is hosted in the UK.
I have a problem whereby the password you are forced to set when setting up the push/sync is prompting the user for entry almost every 5 minutes (i.e. when the phone requires interaction from 'power save mode').
Entering the password 'settings' screen is no use as the option to change the 5 minute period is greyed out.
Is there a fix to this? Is this handset related or server related?
Surely I'm not alone with this problem?
Hermes (WM5) (1x Cingular US, 1x Vodafone UK)
This is server related. Technically you do not need a fix because everything is working as intended. What's happening is the Exchange admin is enforcing a security certificate on your phone with the idea being that if you lose your phone, strangers cannot access your data. Furthermore they can trigger a remote wipe of your device after a set number of failed password attempts. This is pretty much standard in any corporation as they don't want outsiders getting access to their information. That being said there are ways to get around it. Just bear in mind that if you lose your phone, whoever picks it up will have full access to it and all information it contains. If you're willing to accept the potential implications then it's very simple. Google "zenyee.com stay unlock" and read through that thread on Mobility Today. There's a cab on the second page you need to install that will "un-grey" that box so you can set it to something more reasonable, like 24 hours.
Excellent, thanks for the info!
Is there any way the server can be changed to avoid having to install this Zenyee.com Stay Unlock.zip on each unit?
Yes, the Exchange server administrator can change the certificate requirements (password requirements as well as idle time requirement).
I am the admin, any idea where this option is?
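For the administrator's question above: on Exchange 2007 (the version named in the first thread on this page; an assumption for this one) the device lock settings belong to the Exchange ActiveSync mailbox policy. The Exchange Management Shell commands below are an added example, not part of the original thread; the policy name "Default" and the 15-minute and 8-attempt values are placeholders.

```powershell
# Added example for the Exchange Management Shell (Exchange 2007).
# Assumption: the policy is called "Default"; substitute your own policy name.
$policyName = 'Default'

# 1. Review what the policy currently pushes to devices.
Get-ActiveSyncMailboxPolicy -Identity $policyName |
    Format-List Name, DevicePasswordEnabled, AllowSimpleDevicePassword,
                MinDevicePasswordLength, MaxInactivityTimeDeviceLock,
                MaxDevicePasswordFailedAttempts, RequireDeviceEncryption,
                AllowNonProvisionableDevices

# 2. Adjust the idle timeout centrally instead of patching each handset.
#    The PIN requirement and the wipe-after-failed-attempts limit stay on,
#    so a lost device is still protected. Values here are illustrative.
Set-ActiveSyncMailboxPolicy -Identity $policyName `
    -DevicePasswordEnabled $true `
    -MaxInactivityTimeDeviceLock '00:15:00' `
    -MaxDevicePasswordFailedAttempts 8

# 3. Confirm the change took effect.
Get-ActiveSyncMailboxPolicy -Identity $policyName |
    Format-List Name, MaxInactivityTimeDeviceLock, MaxDevicePasswordFailedAttempts

# 4. See how many ActiveSync-enabled mailboxes each policy covers, so that
#    nobody is left on a weaker or unintended policy.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ActiveSyncEnabled } |
    Group-Object ActiveSyncMailboxPolicy |
    Select-Object Name, Count
```

Devices pick up the changed policy on a later sync. The same settings appear in the Exchange Management Console under Organization Configuration, Client Access, on the Exchange ActiveSync Mailbox Policies tab.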

Howto disable Device Lock via registry?

Hi there,
my company forces every WM user to activate the WM6 default Device Lock with a cab you have to install, which changes some registry parameters, I guess. But this cab also includes certificates (WLAN and VPN-access) that I really need, so I have to install it.
But I don't want to have my device locked every 15 minutes (especially if using Navigon...). If I try to disable Device Lock in the Settings menu, the field is greyed out. But is there any registry parameter which disables this device lock?!?
Is there another way to disable it?
Thanks in advance!
First enable the box again to untick it:
HKLM\Security\Policies\00001023
0 = Enabled; 1 = Disabled
Then install Zenyee.com Stay Unlock.cab and soft reset your device.
This program will prevent the lock from being activated again.
Great! Works just perfect for me!
This might just be what I'm after. Last week I was using an ipaq on wm2003 but since the weekend I've bought myself a Sony E X1 and logged onto the works network this morning and it installed some security policies and then it started locking the phone every 5mins.
Quick search and I find this thread, hope it works, let you all know .
Ta
Update, it has given me the option and I have disabled it rather than setting it to say 24hours and also ran the keep unlocked cab file. See how it goes at work tomorrow.
well i can confirm that no further locks have appeared since logging back onto the work network can see i'm going to enjoy this forum. ta
phoenix3dfx225 said:
well i can confirm that no further locks have appeared since logging back onto the work network can see i'm going to enjoy this forum. ta
It works yes, but I found that the app absolutely wiped out my battery which ran very hot. I removed the app and this solved the problem, although unfortunately device lock appeared once more. Does it wipe out yours?
WM 6.1 VPN Locking my device
Thanks very much gang!!! I have installed Zenyee.com Unlock cab. It solved the goddamn issue, and allowed me to untick the password request in Setting, Lock.
Before I could not untick it.
Now the device is not locking itself every time I turn the screen off.
The manual registry cleaning worked very well. Thank you for the tip.
I haven't installed the .cab so we'll see how long it takes until it gets locked again... Maybe it won't. I don't have much faith in our IT Group.
Not wanting to spoil anyone's fun, and I can see why periodic locking of the device is a pain, it is obviously being done for a reason. Bear in mind that it may well be considered a breach of employment contract to circumvent said security measure.
For information i am a BlackBerry Admin and so have a "vested" interest in device security. Just think what "sensitive" detail may be on the device and so open to anyone if it gets lost and this hack is running.
deedee said:
Not wanting to spoil anyone's fun, and I can see why periodic locking of the device is a pain, it is obviously being done for a reason. Bear in mind that it may well be considered a breach of employment contract to circumvent said security measure.
For information i am a BlackBerry Admin and so have a "vested" interest in device security. Just think what "sensitive" detail may be on the device and so open to anyone if it gets lost and this hack is running.
Very true deedee,
Personally I don't use the hack on my company mobile, but on my personal one which I used to use via exchange, the policy lock is still enforced even after removing server details, which is a proper pain. The only real way is a hard reset in my experience. The app does work but wiped out my battery daily (and breaking the said security policies, which you are correct can end in your p45 in the post!!!)
Great words of wisdom as usual!
Been looking for a way to get rid of the pain in the ass device lock.... And this just made my day... thanks a lot....
I agree as well. However, isn't there a possibility (via Mortscript or whatever) to disable the locking when running some application (a navigator as mentioned in this message) and to enable it again after quitting?
This way, you don't have the lock while navigating, and the policy is still upheld (unless of course, your mobile gets nicked out of the car while in navigation mode).
THANK YOU!
omg so nice to get rid of that damn phonelock thanks!!

[Security Advisory] Circumvent Device Lock in Blackberry Connect for Windows Mobile

Circumvent Device Lock in Blackberry Connect for Windows Mobile
---------------------------------------------------------------
Description:
------------
BBC features a security module that, if configured and activated, locks the device after a specific amount of time.
In a corporate environment this is usually set up by a security policy which is pushed to the device via Blackberry Enterprise Server (BES).
If the device is locked the user has to enter a password to unlock the device again.
There are two ways a user can compromise the security implied with the BBC security service.
1) Using a task manager a user can deactivate the BB security service (bbsecurity.dll) which is responsible for enforcing the security policy. The BB service itself is not affected by stopping the security service as long as the device is not rebooted. Thus the security policy is no longer enforced but the user is still able to use all other BB features.
2) The BB security service does not block all user actions during device lock. Only the screen overlay is enforced but applications might still be started using hardware keys. There are several ways to misuse this flaw. One for example is if a voice command software is installed, the user can still send voice commands to the device. If Microsoft Voice Command is installed and bound to a hardware key and the device gets lost or stolen a malicious person can press the voice command hardware key and ask for upcoming appointments, dial numbers etc. which leads to information leakage.
Affected:
---------
Blackberry Connect (BBC) for Windows Mobile PocketPC 4.0.0.97 (only version tested, but all currently available 4.x versions are suspected)
Not Affected:
-------------
Blackberry Connect (BBC) for Windows Mobile PocketPC 2.x
Workaround / Fixes:
-------------------
None
Vendor Contacted:
-----------------
14.05.2008
Vendor Response:
----------------
None
How to deactivate it?
Hi,
I have been looking for a long time for how to deactivate this security feature and would be interested in how to schedule the dll with a task scheduler??
Could you please advise how to do this?
Thanks
jsimpson said:
Hi,
I have been looking for a long time for how to deactivate this security feature and would be interested in how to schedule the dll with a task scheduler??
Could you please advise how to do this?
Thanks
You cannot deactivate it completely since the policy is enforced after each softreset. As I wrote you can use a task manager to stop the service, but you should under no circumstances stop it permanently because your device will not come up anymore if the service is completely disabled.
So to get back to your question; No, I cannot tell you how to do it with a task scheduler as the only way I know is using a task manager.
One can write a small utility to stop the service and after a softreset one can run this program to avoid using a task manager for that, but AFAIK there is no such program.
mmm After being happy when I put the WWE HTC rom on my TMO Vario IV and after managed to install and initialize Blackberry Connect .103 I got disappointed when the BB security lock came in the first time.
I cannot set the lock-timer higher than 15 min.
It's extremely nasty when I am driving using Tom Tom navigator.....have to type the password every now and then (I have the feeling not exact 15min's!).
I tried the stop-service trick, but that one appears non working with (at least) BBC version .103 and .104 on my device.... Without running BB security service the device won't wake up or soft-reset itself.
Has anyone encountered these new issues with BBC 4 security lock and has anyone found a solution yet???
Was thinking to let the security lock active (preventing my device from locking up or soft-resetting spontaneously) and to build a script that runs in the background checking whether or not the security lock screen is present. And once it is...pastes the security code in the box and pushes OK.
Does this sound doable?
edsub said:
Was thinking to let the security lock active (preventing my device from locking up or soft-resetting spontaneously) and to build a script that runs in the background checking whether or not the security lock screen is present. And once it is...pastes the security code in the box and pushes OK.
Does this sound doable?
Do the same for GOODLINK and you got a deal!
Well I managed to fix this like I mentioned.
Attached are 2 Mortscripts to run in background from \Program Files\Mortscript
(I have a shortcut in \Windows\StartUp to make sure it is run when my device is reset, so I do not have to start it myself after every reset, but that's optional)
The 1st script is for general purpose: It just makes sure you will not be bothered again by the BBC security screen
The 2nd script only works when TomTom navigator is active.
You simply choose which script suits your needs best. Both can be run at the same time also I suppose.
The 1st script, BBCUnlock.mscr, simply waits for the security screen, sends the appropriate keystrokes (leftsoftkey, password, leftsoftkey) and restarts itself (to wait for the next security screen popup).
Beware:
1. Enter your own password in the right place in the script before using it.
2. Comment-out the last line until you are absolutely sure the script works (remember: 10 wrong passwords deletes all BBC data on your device!!)
It runs in a couple of seconds (which you see happening)
The 2nd script, NoLockTTNVGA.mscr, only works when TomTom Navigator is running: Every 10 minutes it taps the zoom-in and zoom-out hot-spots in TomTom's 3D view (based on VGA resolution!!), before re-launching itself again. This means the security time-out will never happen as long as TomTom is running.
Update:
The NoLockTTNVGA script works flawlessly, but only fixes the issue when TTN is active
The BBCUnLock script has some glitches. Apparently it locks up my device when
- a reminder 'stays active' for some reason.
- TomTom Navigator is active (but that can be fixed with the other script!)
The scripts can be run simultaneously. And when you have TTN: for now they must!
Not sure how to make the BBCUnLock script more stable, any help appreciated.
Hi edsub,
Thanks for your efforts so far. Up to now I have used MemMaid in my startup files so that after a soft reset, I have to firstly unlock the Blackberry and secondly the MemMaid then kicks in and I disable Blackberry Security in Startup Services. This means the security is overridden until my next soft reset as you already know. Therefore, I don't need to install the mortscript for TomTom.
However, I am particularly interested in the other mortscript you have given. I want to be able to simply soft reset my Diamond and then just leave it, without having to (1) input my password and then (2) disable the Blackberry Security in MemMaid.
I think your mortscript is possibly the answer to my prayers.
However, I have installed it to my device and also installed MortScript v4.3.0.2 Beta. I am concerned that (1) I am a beginner & this is too advanced for me and (2) running mortscript will eat up my battery.
I have renamed the extension on your file with .doc and input my password (overwriting the appropriate parts) on my desktop and then renamed the extension back to .mscr and then installed in the MortScript folder back on my Diamond.
In MemMaid, I have put the Mortscript and Autorun .exe's into the Startup Items section, so this should run after a soft reset.
However, my Diamond does not unlock itself. What am I doing wrong?
I really appreciate any help you can give me. I am very much a newbie with this program!
I am persevering with this, but cannot get it working. I have put a shortcut for Mortscript.exe and the BBCUnlock.mscr into my Windows Startup folder using MemMaid. I have also tried to change the order of the programs starting on MemMaid, but this does not seem to have any effect on inputting the password. I have obviously changed the word "secret" to "mypassword" in the BBCUnlock.mscr file. I have also tried just putting the BBCUnlock.mscr (without the Mortscript.exe) in the Startup folder.....
I would appreciate your help edsub...
Update:
I have managed to get the BBCUnlock.mscr work during normal operation, but it does not work for the password immediately following a soft reset (it does work thereafter).
This is already a huge improvement as I don't need to then disable the Blackberry Security from MemMaid following a soft reset. However, how can I get it to work for the password immediately following a soft reset?
Please help edsub!!! This is the final ingredient to my perfect Diamond!!!
I think the Mortscript does not run until AFTER the Blackberry Security has been unlocked for the first time following a soft reset. I have tried to change the order of the shortcuts on MemMaid, but haven't managed to succeed. Can anyone offer any help PLEASE???
I have tried some more things too:
Added in a sleep timer of 5 seconds from sensing the "owner information" to pressing the left soft key and also increased the time from pressing the left soft key to inputting the password. It works great in normal mode, but still doesn't work for the single password required immediately following a soft reset.
Also I have tried to put not just a shortcut into the startup folder, but the actual mortscript itself. Plus the shortcut!
I can't believe there aren't more people with this problem. Edsub has certainly created a wonderful mortscript here. It is nearly perfect and I'm sure others would want it if it worked for ALL password inputs required.
Can anyone please help????
I guess Mortscript is not running before the password is given for the first time. I have this behaviour too. So i have to give the password myself right after reset. After that the Mortscript takes good care of it.
edsub said:
I guess Mortscript is not running before the password is given for the first time. I have this behaviour too. So i have to give the password myself right after reset. After that the Mortscript takes good care of it.
Hi Edsub, nice to see you back! Thanks for the reply & PM. Your Mortscript programme is still the most important programme on my device! I did try to re-order the start up processes on SK Tools so that the mortscript would start before the Blackberry security, but I couldn't get it to be more important in this way!! Now I have a Diamond 2 and am hoping not to have to soft reset at all. I have another problem now - I can't seem to get BBC working at all on this phone, but that's another story.....
EdSub, as you are my hero for getting the Blackberry security to sort itself out via your Mortscript programme, I wonder if you can write another Mortscript programme for this: http://forum.xda-developers.com/showpost.php?p=4381321&postcount=89?
I would be very grateful!! I think other Blackberry users would be too.
Hi,
Maybe the question is idiot, but reading the first post, I was wondering why not create a small script which would simply deactivate bbsecurity.dll on startup... If I read it well, doing this once would be enough, and have no impact on the BB service itself...
Using a small sleep, it would be easy to put this script directly in the windows startup folder so that the sleep leaves enough time for the dll to start, and then deactivate it...
Isn't this possible?
Thanks
bbdoc said:
Hi,
Maybe the question is idiot, but reading the first post, I was wondering why not create a small script which would simply deactivate bbsecurity.dll on startup... If I read it well, doing this once would be enough, and have no impact on the BB service itself...
Using a small sleep, it would be easy to put this script directly in the windows startup folder so that the sleep leaves enough time for the dll to start, and then deactivate it...
Isn't this possible?
Thanks
Edsub already did this with Mortscript. It doesn't de-activate it completely, just senses when the code is required and then enters the code. I would like a script which does what you are suggesting.
mitsi said:
Edsub already did this with Mortscript. It doesn't de-activate it completely, just senses when the code is required and then enters the code. I would like a script which does what you are suggesting.
Yes, I know this script, and I'm using it... It's working quite good, even if it sometimes misses the code, don't know why... but I'm a bit worried about battery consumption linked to the fact a script is constantly running only for typing this password every 20 minutes... Deactivating the dll would probably be a more efficient solution, but maybe this is not possible using mortscript...
bbdoc said:
Deactivating the dll would probably be a more efficient solution, but maybe this is not possible using mortscript...
You can use the attached program to stop the service. Just execute it and the service will be stopped. However, you have to do this after each softreset. I recommend to wait until the connection is established to the RIM network and then use BBStopSec.exe
Hope this is what you were looking for.
That's indeed what I was looking for... I'm just surprised it's an .exe and not .mscr...
Is it something you compiled yourself? The idea I had with the mortscript was to add a sleep before stopping the service, because this way, I can simply put it in my startup folder and it will launch automatically after a soft reset... As far as the first lock screen will only come after 20 minutes, I could even put a sleep of 10 or 15 minutes before stopping the service and I would never get my screen locked...

ActiveSync Exchange Server

I was going to sync my phone with my company's exchange server the other day, but I stopped because after filling out my user name and domain and hitting next, it said "the exchange server will have to apply security policies on your device in order to continue" or something like that.
So I guess I was wondering if anyone knew what type of "security policies" these are. I mean maybe I am being an idiot, but can they restrict my ability to install/remove applications. I am enjoying messing around with my phone, and I really would not want something giving me limited access to my phone. My phone is a hermes100, but I am pretty sure this message will come up on any other winmobile phone too. So anyone have any idea what this does?
thanks for the help
My company's Exchange server enforces a "LOCK" policy of 20 minutes. Every 20 mins the phone locks up and you have to enter a 4-digit pre-set number to unlock. It's very ANNOYING !!!!
I was able to bypass this policy using a software. Let me know if you need it.
Depending on your phone version and version of Exchange, they have varying degrees of control, but none over software management (beyond device wipe with 2007). But that is also a standard message and I would bet the most they may have (but most likely don't) is a lock policy. Moving forward with Mobile Device Manager 2008, your administrators will have nearly as much control over the handheld device as they do the PC. As an IT administrator I see this as a blessing and a curse as a user wanting free-will. To strike the balance will be tough with these new found inroads into device control.
tmknight said:
Depending on your phone version and version of Exchange, they have varying degrees of control, but none over software management (beyond device wipe with 2007). But that is also a standard message and I would bet the most they may have (but most likely don't) is a lock policy. Moving forward with Mobile Device Manager 2008, your administrators will have nearly as much control over the handheld device as they do the PC. As an IT administrator I see this as a blessing and a curse as a user wanting free-will. To strike the balance will be tough with these new found inroads into device control.
I have an ATT 8525 Herm100, and you were right, it was a lock policy. At least that's all I see so far....

[Q] Connection Setup

So I am on Simple Mobile on an unlocked Tmobile HD7. The problem is that every time I run the HTC Connection Setup the phone detects Tmobile as the default connection (which is because Simple Mobile does use Tmobile networks)
however when I manually select Simple Mobile from the provider list. MMS/Picture Message seems to work fine. Of course given the fact that Data Connection is active and we don't have much APN settings for MMS on Windows Phone Mango (yet).
So I was wondering if instead of using the HTC Connection Setup if I use some other OEM connection setup app like that of Nokia or Samsung using the xap marketplace changer,
would it still work ??? I don't want to run HTC Connection Setup again and again for it might relock my deepshining custom ROM.
Please answer.
It won't work. The various setup apps work using a type of configuration file called provxml. In order to have the permissions to apply these files, the apps need to call into a high-privilege system component (a software driver, usually). These components are OEM-specific (they're part of the OEM firmware, not part of the Microsoft OS) and therefore each app targets its own OEM's component. Connection Setup won't work on any phone without the HtcProvisionDrv.dll driver binary (so, on any non-HTC phone), and the other apps won't find the component they need on an HTC phone.
That said, why are you worried about relocking? That doesn't make sense. First of all, there's no reason why that would happen (you'd have to install the equivalent of the HTC Interop Unlock XAP, but with the provxml files set to lock the phone instead of unlocking). Second of all, a Full-Unlock ROM like yours doesn't need to worry about that anyhow. That's baked into the ROM and can't be removed without re-flashing the phone.
GoodDayToDie said:
It won't work. The various setup apps work using a type of configuration file called provxml. In order to have the permissions to apply these files, the apps need to call into a high-privilege system component (a software driver, usually). These components are OEM-specific (they're part of the OEM firmware, not part of the Microsoft OS) and therefore each app targets its own OEM's component. Connection Setup won't work on any phone without the HtcProvisionDrv.dll driver binary (so, on any non-HTC phone), and the other apps won't find the component they need on an HTC phone.
That said, why are you worried about relocking? That doesn't make sense. First of all, there's no reason why that would happen (you'd have to install the equivalent of the HTC Interop Unlock XAP, but with the provxml files set to lock the phone instead of unlocking). Second of all, a Full-Unlock ROM like yours doesn't need to worry about that anyhow. That's baked into the ROM and can't be removed without re-flashing the phone.
ok...got it...thanks for your reply. Well I was worried because I read it somewhere that running HTC Connection Setup might lock the device again. Can't remember where. Anyways it really is annoying to run the setup again and again...I wish there was a registry fix to input the MMS settings manually.
