03.05
To be honest, I hadn’t heard of this MBAM toolset until this morning; it’s tucked away in MDOP (Microsoft Desktop Optimization Pack). In Microsoft’s words:
“Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface to BitLocker drive encryption (a feature included in Windows 7 Enterprise/Ultimate). MBAM lets you select BitLocker encryption policy options appropriate to your enterprise so that you can monitor client compliance with those policies and report on the encryption status of the enterprise in addition to individual computers. Also, you can access recovery key information when a user forgets their PIN or password, or when their BIOS or boot record changes”.
It includes:
- Administration & monitoring server: here you have the admin console and a portal, apparently with self-service support for recovery.
- Compliance and audit database: stores compliance data for managed clients.
- Recovery & hardware database: stores recovery data for managed clients.
- Compliance & audit reports: Use SQL Reporting Services to generate reports from the databases.
- Group policy template: Configure managed clients using AD GPO.
- Microsoft BitLocker Administration and Monitoring client agent: Used to manage and configure machines for BitLocker, and return data to the above administration components.
Documentation for MBAM can be downloaded from here.
Copyright Warning
This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

and here’s a frontend HTA which leverages the MBAM DB when unlocking drives in WinPE – http://bit.ly/ygQBPa
Thanks Niall!