In Part-1 of installing MBAM 2.5 , We installed MBAM 2.5 server OS, Installed SQL , Configured reporting services, Downloaded MDOP 2013 and downloaded configuration files for SCCM and other software as needed.
In Part-2 of installing MBAM 2.5, We created service account , User id’s and groups to be used for installing and configuring MBAM .We also set SPN for application pool account.
In Part-3 of installing MBAM 2.5 , We updated inventory in SCCM and installed SCCM integration components
In Part-4 of installing MBAM 2.5, We installed and configured MBAM database and reports
In Part-5 of installing MBAM 2.5 , We are going to install and configure MBAM Web services and administration portal.
In Part-6 of installing MBAM 2.5, we are going to add Group Policy Templates and configure group policies for windows clients.
In Part 7 we are going to encrypt the OS drive on a Windows 8 virtual machine.
Install MBAM Client
From MBAM 2.5 install directory , Go to x64 folder and run MBAMClientSetup.exe . There are no prompts , But the client will be installed.
In Part -6 we configured an applied Active Directory group policies to allow MBAM to encrypt drive without compatible TPM chip.
Update group policies after installing MBAM client.
After updating the group policies , I had to wait for about 30 minutes for this screen to show up . So patience is must 🙂
If you want to speed up things , Add a reg key
Key Name – NoStartupDelay
Before going any further please ensure that no virtual CD rom is empty and ISO file is mounted.
Enter password ,Enter minimum of 8 characters ( as set in group policy in part-6 )
Click on create password and the encryption will start.
At this point drive is encrypted . You can click on exit . If you want to change the password you can do later from control panel.
Restart the virtual machine which just finished encrypting , This is the first screen you will get.
Enter password and enter
Now the client is encrypted.
Lets review compliance information stored on SCCM Server .
Report below shows the compliance status . If there is another windows 8 virtual machine and if it was not encrypted compliance will not be 100% .
Report below show enterprise compliance status . This gives SCCM admins good idea of how many machines are pending bit locker roll out .
Bit locker Password recovery :
Steps below can be used if user forgot bit locker password .
When computer reboots , at the password screen press esc to get bit locker recovery options
Copy the first 8 characters of bit locker key.
Go to administration and monitoring website on MBAM server.
click on drive recovery options and enter first 8 digits on the key , I just selected first option OS boot order changed
Submit to get a recovery key for the drive
Copy this key and use it to login to machine
Once logged in you can reset the password again.
Go to control panel , Bit locker encryption option and reset the password.
This concludes part 7