Bitlocker hardware not populating
Hi All,
I have a problem with MBAM 2012. The client is contacting the server and encrypting. They show in the enterprise compliance report, but not under the hardware tab. Am I missing something obvious?
Thanks
Ian
December 4th, 2012 7:07pm
Did you set the Group Policy to ensure that the Hardware gets logged and approved?PLEASE MARK ANY ANSWERS TO HELP OTHERS Blog:
rorymon.com Twitter: @Rorymon
Free Windows Admin Tool Kit Click here and download it now
December 4th, 2012 11:21pm
I have set, client MGT - Configure MBAM Services, and specified the endpoints, which do resolve the services.
Disabled hardware compatibility checking
Operating System Driver - Operating system drive encryption settings - TPM only, no PIN.
I can't see a policy for logging and approving?
Thanks
December 5th, 2012 12:12pm
Hi,
Please try the following action plans:
1. Disable the following GPO
Removable data drivesDeny write access to removable data drives not protected by BitLockerDisable
2. Insert the USB flash drive and note the drive letter assigned to it.
Although a BitLocker PIN can contain spaces, it is easier to avoid spaces when setting the PIN via the command line. Replace E with the drive letter assigned to the USB flash drive. C is the drive
to be encrypted. E is the location to save the StartupKey.
manage-bde -protectors -add C: -TPM tp xxxx -tsk E:
Thanks.
Kevin NiPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
December 12th, 2012 12:19pm
Hi Kevin,
Im not sure i understand the point in putting the key on a USB drive? It needs to populate in MBAM hardware tab?
Thanks
Ian
December 12th, 2012 12:29pm
which version of MBAM software have you installed?
check from programs and features.
for MBAM 1.0 - enable allow hardware compatibility checking policy under client management for MDOP MBAM GPOs.
for MBAM 2.0 Beta - this feature is deprecated in standalone version.Manoj Sehgal
Free Windows Admin Tool Kit Click here and download it now
December 13th, 2012 7:05am
We are running MBAM from MDOP 2012, version 1.0.2001.1
I had enable hardware compatibility checking disabled. As i am still testing i will try it enabled and see how our test clients react.
Thanks for you help.
December 13th, 2012 12:34pm
That works properly, thanks for your help. It is pretty useless for us anyway as we only have one manufacturer of laptop, so i'll leave it disabled.
Thanks
Free Windows Admin Tool Kit Click here and download it now
December 13th, 2012 3:42pm