MBAM Part 2

BitLocker Administration and Monitoring: Part 2

After you complete installation of the server components, you can test the installation by opening a web browser on a computer and going to https://<server_name>/helpdesk. You should see a screen like this:

1

This will serve as the portal for your help desk to access recovery keys. The Drive Recovery node is where your help desk will spend most of their time. It looks like this:

2

The help desk can look up the recovery key by providing this required information. The only required information is the Key ID that is displayed on the end user’s screen. The User domain and ID fields are for reporting purposes.

To test the self-service portal, go to https://server_name/selfservice. After you log in, you will see an acknowledgement that you can customize. When you click through that, you will see the area where a user can request their recovery key.

3

Again, the user will have to enter the displayed recovery key ID and a reason for the request. This activity is viewable from the reports on the help desk site.

Deploying the MBAM Client

Each Windows device also needs to have the MBAM client installed. The client is included on the MDOP DVD. You can use Active Directory, ConfigMgr, or any other software deployment system to install the MBAM client. A full command line parameter reference can be found here: https://technet.microsoft.com/en-us/library/dn645348.aspx. I would first recommend extracting the MSI. You can add a few more options by directly using the MSI instead of the standard EXE. Here’s the command:

MbamClientSetup.exe /extract <extraction directory> /acceptEULA=Yes

After you have the MSI, here’s a basic installation command:

msiexec /i MbamClientSetup-2.5.1100.0.msi /qn ALLUSERS=1 REBOOT=ReallySuppress

Of course, this command must be executed from the directory containing the MSI. You can also add a path in front of the MSI file if that is not possible.

After the client installation is complete, the GPO’s will take affect for configuration. We will talk about the GPO’s and recovering a key in Part 3.

Share:

Facebook
Twitter
LinkedIn
Matt Tinney

Matt Tinney

Professional IT executive & business leader having decades of experience with Microsoft technologies delivering modern-day cloud & security solutions.

Contact Us

On Key

More Posts

Mastering Azure AD Connect - A Comprehensive Guide by WME
Active Directory

Mastering Azure AD Connect – A Comprehensive Guide

Modern businesses are fast moving toward cloud-based infrastructure. In fact, cloud-based business is not just a trend anymore but a strategic necessity. Microsoft’s Azure Active Directory (Azure AD) has become a frontrunner in this domain. It

Read More »
December 4, 2023
Security Best Practices in SharePoint
Office 365

Security Best Practices in SharePoint

Microsoft SharePoint is an online collaboration platform that integrates with Microsoft Office. You can use it to store, organize, share, and access information online. SharePoint enables collaboration and content management and ultimately allows your teams to

Read More »
November 25, 2023
The Ultimate Guide to Microsoft Intune - Article by WME
Active Directory

The Ultimate Guide to Microsoft Intune

The corporate world is evolving fast. And with that, mobile devices are spreading everywhere. As we venture into the year 2024, they have already claimed a substantial 55% share of the total corporate device ecosystem. You

Read More »
November 7, 2023
Protecting Microsoft 365 from on-Premises Attacks
Cloud Security

How to Protect Microsoft 365 from On-Premises Attacks?

Microsoft 365 is diverse enough to enrich the capabilities of many types of private businesses. It complements users, applications, networks, devices, and whatnot. However, Microsoft 365 cybersecurity is often compromised and there are countless ways that

Read More »
November 2, 2023
Load More
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.