Microsoft have a documented article on how to add the deployment scripts, along with links on the following URL –. In the below example you can see an entry showing that the key was escrowed as part of a recovery event.

Bare Metal Deployments

For those machines running bare metal deployments, you will need special consideration for initialising the BitLocker encryption process.

The MBAM service provides event logs so you can see what is taking place. These are located in the following location – Application and Services Logs\Microsoft\Windows\MBAM. Once the application services start running, the policies can be applied to the machine and encryption started.

With the pre-requisite hardware preparation completed, for those machines already in production it is a matter of pushing out the GPO and following up with the MBAM Client application. These pre-requisite steps can be automated where the computer manufacturer provides methods to update BIOS settings, either through applications or WMI methods. You will of course also need your clients prepared for BitLocker, including ensuring that a TPM chip is available, cleared and activated, with the preferred BIOS mode being UEFI using Secure Boot.

In order to successfully escrow the recovery key through to the MBAM database you will need to do one of two things depending on your roll-out of MBAM.

Part 4: Validation of key storage and recovery tests

Escrow recovery details

Part 3: Configuration of GPO policies and client agent deployment

Part 2: Validating IIS sites and customisation

In this, the final part of this four-part series, we will look at how to validate that MBAM is escrowing keys and that they are retrievable through different methods.