

The Microsoft BitLocker Administration and Monitoring (MBAM) Client enables administrators to enforce and monitor BitLocker drive encryption on computers in the enterprise. If computers have a Trusted Platform Module (TPM) chip, the BitLocker client can be integrated into an organization by enabling BitLocker management and encryption on client computers as part of the imaging and Windows deployment process.

Encrypting client computers with BitLocker during the initial imaging stage of a Windows deployment can lower the administrative overhead necessary for implementing MBAM in an organization. It also ensures that every computer that is deployed already has BitLocker running and is configured correctly.

To review the Microsoft BitLocker Administration and Monitoring Client system requirements, see MBAM 2.0 Supported Configurations.

The procedure in this topic describes modifying the Windows registry. Using Registry Editor incorrectly can cause serious problems that may require you to reinstall Windows. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved.

To encrypt a computer as part of Windows deployment

If your organization is planning to use the Trusted Platform Module (TPM) protector or the TPM + PIN protector options in BitLocker, you must activate the TPM chip before the initial deployment of MBAM. When you activate the TPM chip, you avoid a reboot later in the process, and you ensure that the TPM chips are correctly configured according to the requirements of your organization. You must activate the TPM chip manually in the BIOS of the computer. Some vendors provide tools to turn on and activate the TPM chip in the BIOS from within the operating system. Refer to the manufacturer documentation for more details about how to configure the TPM chip.

Install the Microsoft BitLocker Administration and Monitoring client agent.

Join the computer to a domain (recommended). If the computer is not joined to the domain, the recovery password is not stored in the MBAM Key Recovery service. By default, MBAM does not allow encryption to occur unless the recovery key can be stored. If a computer starts in recovery mode before the recovery key is stored on the MBAM Server, the computer has to be reimaged.

Run the command prompt as an administrator, stop the MBAM service, and then set the service to manual or on demand, and then start by typing the following commands:
