Provision a laptop with a Windows 7 operating system using SCCM OSD.How to use the BitLocker Recovery console and the MBAM Server console to verify the MBAM Agent stored the drive Recovery Key in the MBAM database.Ī quick recap of the objectives never hurts:.How to use the Event viewer on the client to verify the MBAM group policy was applied and that the MBAM Agent successfully communicated the drive encryption status to the MBAM Server.How to use a SQL query to verify the MBAM Agent pushed the TPM Owner password file to the MBAM database.How to use the MBAM Server console to verify the TPM Owner password file was pushed by the MBAM agent to the MBAM Server.How to verify the MBAM Agent was installed (and verify that the Group Policy to hide the BitLocker Drive Encryption applet in Control Panel is working).The steps the user must take to set the BitLocker PIN.
In the fifth part of this multipart post, I will cover following: Note: This OSD task sequence assumes the target is a new or re-purposed machine. Encrypt the OS partition using the MBAM agent.Copy the CCTK executables to c:\windows\cctk.In Part 4 of this multipart post, we covered the tasks used in the task sequence that accomplish the following: The program associated with this package runs the f script. The program associated with this package performs a silent install of the MBAM agent.ģ. The program associated with this package simply copies the package files and folder hierarchy to a permanent location on the OS partition.Ģ. BIOS Configuration Utility (CCTK) files package. In Part 3 of this multipart post, we covered the required packages and programs to automate MBAM client distribution and OS partition encryption. We also covered optional policy settings designed to hide the default BitLocker Drive Encryption Control Panel applet from end users. In Part 2 we covered creating and configuring the group policies required to enable MBAM clients to communicate with the MBAM server, and how often the MBAM client communicates with the MBAM server. The first post finished by referencing David Hornbaker’s post describing how to use the StartMBAMEncryption script and how to customize the registry import files used by that script for a specific MBAM Server environment. The first part also covered the TPM settings required for BitLocker encryption and for the MBAM agent to take ownership of the TPM, the BIOS configuration utility (CCTK) and the actual commands used to configure the TPM. In the first part of this multipart series, we discussed the objectives of this exercise and the required components.
0 kommentar(er)
