Win 2012 Bit locker Infra and MBAM 2.5

I am trying to implement a Bit locker infra that can store keys to AD. Long back I have done the same in a Win 2003 AD, by extending schema, running scripts, configure group policies etc.
No I am trying to do in a Win 2012 R2 AD infra. Most of my client machines are Win 7,8.1 etc.
In win 2012 I came to know about MBAM 2.5. Would like to know If I do the MBAM way of Bit locker Infra - Do i need to extend schema, Create GPs, run scripts etc?
How to proceed ? Pls provide guide lines

Hi, I would recommened asking here.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=mdopmbam
Devaraj G | Technical solution architect

Similar Messages

  • I forgotten my bit locker password and recovery key.i need help .................

    i lost my bit locker password and i lost recovery key,i need help ..please help ......such important things are there in my e drive....pls mail me [email address redacted]

    Unfortunately if you lose the password and the recovery key you are not able to decrypt and access the information, that is the sole purpose of BitLocker.
    Blogging about Windows for IT pros at
    www.theexperienceblog.com

  • I forgot my bit locker password and i lost my bit locker recovery key

    so plesae help me... to recovery my bit locker key...

    Hi,
    I have to tell you that you cannot decrypt the drive without recovery password or recovery key unless you format this dirve, which may lead to personal data lost.
    Andy Altmann
    TechNet Community Support

  • Bit locker Mutliple Drives Mutliple OS's

    I have a laptop with two hard drive in it.  The primary has Windows 7 Enterprise and is a member of the corporate domain.  The secondary has Server 2008 R2 and is a member of the lab domain.  There is no trust or association between domain. 
    The laptop does the Windows multi-boot off the primary drive.  I want to enable bit locker to secure the drives.
    If the two windows environments were exclusively separate, setting up bit locker on each drive independently would be pretty straight forward, but when I'm in one OS, I will frequently need to get files and data from the other drive (and no, making each
    drive big enough to hold all it's own data is not an option, plus the synchronization headache).  Both drives will need to be bit locked to their respective OS, but the other drive will need to be accessible.
    And not to make things too easy, the secondary drive, which i put in an optical drive bay carrier, routinely gets pulled (not while the system is running, of course) out and popped into a USB case to be used as a library transfer drive. 
    So....
    the Windows 7 drive needs to be natively bit locked.  and be accessible when running Windows 2008 from the second drive.
    the Windows 2008 R2 drive needs to be natively bit locked, and be accessible when running Windows 7 from the first drive, and be accessible when run as a stand-alone USB drive on another system.
    I would appreciate any wisdom you can share to make this all work.  And please presume that i know next to nothing about installing and running bit locker, because that's pretty much true.
    Let me know if you need more information about my configuration.
    Thanks

    Hi,
    "and be accessible when run as a stand-alone USB drive on another system."
    Firstly, if you enable bitlocker for one drive, it will be encrypted always until you decrypt it. Thus after you insert it to any system, it need to enter the credential to access it.
    And then, if you want to access one drive in another computer, you need to get the shared permission. After you' re granted the sufficient permission, you could access it no matter if it's encrypted. Of course, another computer must be started.
    Karen Hu
    TechNet Community Support

  • Bit locker on Windows 2012 r2 AD And Win 8.1 Client

    Can anyone give guidelines/articles for configuring Bit locker on Windows 2012 r2 AD With Win 8.1 Client
    I am looking for detailed directions on backing up Bit Lo. & TPM recovery key to AD

    Hello,
    please start with
    https://technet.microsoft.com/en-us/library/dn383581.aspx and
    https://technet.microsoft.com/en-us/library/jj592683.aspx?f=255&MSPPError=-2147217396
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://blogs.msmvps.com/MWeber
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
    Twitter:  

  • Pre-Provisioning Bit Locker in MDT 2012 SP1 while using MBAM 2.5 - No Pin Required

    Does anyone have some step by step instructions for Pre-Provisioning Bit Locker. Through task sequences, we are currently able to bit locker the computers but it's the last set of tasks.  I would like to Bit Locker the computer while no data is on the
    disc so it's faster and then as its imaging, the files are already encrypted.
    Currently:
    Creates BIOS Password
    TPM turned on and enabled (using CCTK)
    Remove Password
    Registry changes
    Installing MBAM 2.5
    Removing Registry Entries
    Any help would be appreciated!
    Thanks
    Rick

    Bitlocker Pre-Provisioning is available by default on MDT Litetouch...
    If you just want to pre-provision the drive without letting MDT LiteTouch enable any protectors (let MBAM do that) then just run the following command after the "FOrmat and PArtition" step in the Task Sequence:
    x:\windows\system32\Manage-BDE.exe c: -used
    (OR whatever drive letter OS exists on in WinPE)
    AS an alternative, I would add a step just before the "ENable Bitlocker (offline)" step in the task sequence:
        BDEInstallSuppress=NO
        isBDE=YES
    then after the "Enable Bitlocker (offline)" step in the Task Sequence, I would set the following:
        isBDE=NO
    Keith Garner - Principal Consultant [owner] -
    http://DeploymentLive.com

  • Software Update Point doesn't show Win 2012 R2 and Windows 8.1 updates

    I started deploying Windows 2012 R2 Datacenter servers and some Windows 8.1 workstations. I wanted to make sure that my Software Update Point was downloading updates available to those OS's and after going in to Administration -> Overview -> Site Configuration
    -> Sites -> Configure Site Components -> Software Update Point, I notice that those OS's weren't available to select. 
    I then did some searches on the web and thought my problem was two fold:
    1 - I was using SCCM 2012 SP1. 
    2 - My SCCM 2012 Software Update Point was on a Win 2008 R2 server
    So the first thing I did was upgrade from SCCM 2012 SP1 to SCCM 2012 R2. I then created a Windows 2012 R2 Datacenter server and installed WSUS on it. I then added the server as a Site System Server, added the Software Update Point to it and configured it.
    Unfortunately, this still didn't help me as you can see from the screen shots below:
    What am I doing wrong and what needs to be done to have all the updated Operating Systems and Microsoft Software added to my Product list?
    Thanks... Frank

    To follow on to narcoticoo's statement, have you actually initiated a catalog sync from within the ConfigMgr console yet? If so, has it completed successfully (you can check the moniotring workspace or you can watch the wsyncmgr.log).
    Jason | http://blog.configmgrftw.com
    Jason...
    I just ran a Synchronize Software Updates from ConfigMgr Console. I then went Monitoring -> Software Update Point Sync Status. It's showing my new WSUS server ( 2012 R2 ) but it's not showing any updates are being sync'd through it. See this screen shot:
    I then went to the wsyncmgr.log file on my site server which is the OLD WSUS server ( Win 2008 R2 ) and say this:
    STATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=PREP-SCCM12.<domain.org> SITE=STA PID=5224 TID=4028 GMTDATE=Wed Feb 26 19:00:40.236 2014 ISTR0="getSiteUpdateSource" ISTR1="WSUS update source not found on site STA. Please refer to WCM.log for configuration error details." ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 $$<SMS_WSUS_SYNC_MANAGER><02-26-2014 14:00:40.236+300><thread=4028 (0xFBC)>
    Sync failed. Will retry in 60 minutes $$<SMS_WSUS_SYNC_MANAGER><02-26-2014 14:00:40.279+300><thread=4028 (0xFBC)>
    Setting sync alert to active state on site STA $$<SMS_WSUS_SYNC_MANAGER><02-26-2014 14:00:40.313+300><thread=4028 (0xFBC)>
    Sync time: 0d00h00m00s $$<SMS_WSUS_SYNC_MANAGER><02-26-2014 14:00:40.360+300><thread=4028 (0xFBC)>
    Deleting file \\?\UNC\prep-dpsccm12\WSUS Updates\Win 7 Updates up to Aug 2012\0048da55-f46f-4452-b4c1-37c0f295333b\IE9-langpack-Windows7-x86-xho.exe, FAILED, Win32 Error = 5 $$<SMS_WSUS_SYNC_MANAGER><02-26-2014 14:00:41.042+300><thread=4028 (0xFBC)>
    Failed to delete orphaned content folder \\prep-dpsccm12\WSUS Updates\Win 7 Updates up to Aug 2012, error 0x5 $$<SMS_WSUS_SYNC_MANAGER><02-26-2014 14:00:41.067+300><thread=4028 (0xFBC)>
    Deleting file \\?\UNC\prep-dpsccm12\WSUS Updates\Win2k8 Updates Until Aug 2012\000f8a0a-825c-457b-a15b-57ade145a09b\windows6.0-kb2653956-x64.cab, FAILED, Win32 Error = 5 $$<SMS_WSUS_SYNC_MANAGER><02-26-2014 14:00:41.119+300><thread=4028 (0xFBC)>
    Failed to delete orphaned content folder \\prep-dpsccm12\WSUS Updates\Win2k8 Updates Until Aug 2012, error 0x5 $$<SMS_WSUS_SYNC_MANAGER><02-26-2014 14:00:41.144+300><thread=4028 (0xFBC)>
    Deleting file \\?\UNC\prep-dpsccm12\WSUS Updates\Win 7 Updates for Sept 2012\10f3ec1c-f096-4a82-ae41-440ba5328467\Windows6.1-RTM-Client-NEUTRAL-X86.EXE, FAILED, Win32 Error = 5 $$<SMS_WSUS_SYNC_MANAGER><02-26-2014 14:00:41.173+300><thread=4028 (0xFBC)>
    Failed to delete orphaned content folder \\prep-dpsccm12\WSUS Updates\Win 7 Updates for Sept 2012, error 0x5 $$<SMS_WSUS_SYNC_MANAGER><02-26-2014 14:00:41.199+300><thread=4028 (0xFBC)>
    Deleting file \\?\UNC\prep-dpsccm12\WSUS Updates\XP Updates Until Sept 30\17165524-99fa-49f7-91e6-457d43d4a48e\Windows-KB890830-V4.12.exe, FAILED, Win32 Error = 5 $$<SMS_WSUS_SYNC_MANAGER><02-26-2014 14:00:41.228+300><thread=4028 (0xFBC)>
    Failed to delete orphaned content folder \\prep-dpsccm12\WSUS Updates\XP Updates Until Sept 30, error 0x5 $$<SMS_WSUS_SYNC_MANAGER><02-26-2014 14:00:41.254+300><thread=4028 (0xFBC)>
    It appears to me that when doing a Sync, it's still trying to use my OLD WSUS server instead of my new one. I removed the Software Update Point from the OLD WSUS server and uninstalled WSUS from it. I'm not sure why it's still trying to sync from the old
    server rather than the new one. Any ideas?
    Thanks... Frank

  • Bit locker and one drive

    HI.
    I would like to find out what would happen if I were to user the bit-locker to encrypt my drive and all it files but at the same time ,the files that's in my one-drive are synced with 365 and shared among many other users.
    When they open their one drive will the file I updated be encrypted forcing them to enter a decryption password as well.
    thanks

    no
    The file encryption is part of the filesystem. When the file is transferred it is sent unencrypted.
    MCP/MCSA/MCTS/MCITP

  • Bit locker code /letters wont go in, even when I cut and paste it all in, it doesn't go through. I'm new to computers. Is this a con to get us to download shite?

     Hi, I forgot my memory stick code. My bit locker code letters wont show on screen, even when I cut and paste it all in nothing happens, is this a con to get me to download shite I don't want.

    Hi Franko,
    We discuss SQL Server PowerPivot for Excel related issue in this forum. According to your description, it is more related to Windows Security. I would suggest you discuss this issue at the following forum for better support:
    Windows Security forum:
    http://social.technet.microsoft.com/Forums/windows/en-US/home?forum=w7itprosecurity
    Regards,
    Elvis Long
    TechNet Community Support

  • Bit locker encryption requests key unless I suspend and resume the encryption

    I am rolling out new computers with Windows 7 Enterprise OS on them.  I am installing bit locker encryption on them.  For some reason with this group of computers, and I recently rolled out a different batch of computers without this problem,
    after encrypting, I must suspend and resume bit locker or upon restart of shutdown and start the user is prompted for the bit locker encryption key.

    Hi,
    Could you please tell some more details about the issue? What do you want to achieve here? To enable bitlocker without the prompt of the startup key? If it is , then please take a check if we have  Require
    additional authentication at startup  policy enabled.
    Besides, could you please have a share for how do you enable bitlocker?
    And here is a guide for bitlocker in Windows 7, just for reference:
    BitLocker Drive Encryption Step-by-Step Guide for Windows 7
    BitLocker Drive Encryption in Windows 7: Frequently Asked Questions
    Hope this may help
    Best regards
    Michael Shao
    TechNet Community Support

  • HT1846 The 2012 Mac Mini's are listed on this article. Can I run windows 7 64-bit on it and/or the 32-bit?

    The 2012 Mac Mini's are listed on this article. Can I run windows 7 64-bit on it and/or the 32-bit?

    I would buy nothing less than Windows 7 64-bit Pro.
    32-bit only addresses 3.5 GB RAM ... 2012 Macminis can hold 16 GB.
    64-bit Home addresses 16 GB RAM.
    64-bit Pro addresses 192 GB RAM and han an XP mode.
    This is all about having a good version of Windows for future use.  Yu can buy "Syem Builder" version of 64-bit Pro for $140.

  • Win-64 bit and premier Cs3

    We have just upgrated our OS to Win-64 bit, though we do not want to upgrade the Cs3 to Cs4 , yet. Is there any way to work efficiently with Cs3 and Win 64?
    thank you

    Hi Dan,
    Glad that XP-64 is working for you. Yes, there were many problems reported. Unfortunately, a lot of those posts are probably history, since the forum change over. You are probably correct that many of the problems stemmed from something else entirely, but quite a few uninstalled XP-64 and went back to XP-Pro and their problems were cured. Obviously, other issues could well have been fixed with a major OS overhaul. I would expect that some were fixed, not by the OS change, but the process of making that change. Same for some, who went to Vista, primarily 32-bit - problems disappeared (with what was it, the 3.0.2 update?). Again, what cured the problems? Could be the OS, or the process of changing the OS. We'll never know.
    There is also the possibility that many did not list enough details for any of us to draw conclusions. You are one of the few folk, who are reporting success. Many of those, for whom it worked add a big "But!" with things like all is OK, but I cannot Capture, edit, Export, etc. Why? We'll now likely never know. I'm just going from the number of posts on XP-64 and Adobe, though they are likely history now.
    We're seeing similar posts regarding Win7 RC and many Adobe programs. Some have had all sorts of problems, but many have loved the OS and the Adobe programs. I think that this shows that issues can go far more deeply, than just the OS version. Throw in some hardware incompatibility, or some driver issues, and who knows?
    Thanks for the comments,
    Hunt

  • Slow applications start from win 2012 file server using win 7 workstations

    I hope someone can help me with why applications are slow to load i have replaced a 8 year old server running  win 2003 and replaced it with dell t620 running win 2012 r2 it is like 20 times faster but it is slower than the old server. the office has
    7 win 7 x64 machines all our applications are running from win 2012 file server. The server is set up as following the server runs with two hyper-v machines one machine runs ad, file server, dhcp, dns and printer server and the other is domino server and remote
    desktop. 
    the machine is more than capable but it is not so i started reading after i run out of ideas. i looked every where but the issue is with the server after trying everything else i did a simple test If i go to the application folder and click on it apps load
    instantly if i then type a unc path it takes from instant load to 3 and a bit seconds the same as the workstations. The same speed if I use ip address.
    network cards are intel
    i would really appreciate if somebody has suggestions that i could try
    thank you

    Hi,
    Do you mean that applications in the application folder start slowly when you access the application folder on the Windows 2012 R2 file server from Windows 7 workstations using UNC path or IP address. Do all the files in the application folder have the same
    issue? Please create a shared folder on the file server, then access the shared folder from Windows 7 workstations to check if the issue still exists.
    You could disable SMBv3 on server 2012 to check if the issue related to SMB protocol. 
    How to enable and disable SMBv1, SMBv2, and SMBv3 in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012
    http://support.microsoft.com/kb/2696547/en-us
    Warning: We do not recommend that you disable SMBv2 or SMBv3. Disable SMBv2 or SMBv3 only as a temporary troubleshooting measure. Do not leave SMBv2 or SMBv3 disabled.
    Best Regards,
    Mandy 
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Check Status of Bit Locker Encryption on all Computers on My Network

    I have encrypted all computers on my network with bit locker encryption.  However, for various reasons I know that there a few that are not encrypted.  Is there a tool I can use to check the encryption status of all the computers on my network?

    Hi,
    You can use MBAM to manage and monitor your computers bitlocer encryption status, please refer to the link below for more details:
    http://technet.microsoft.com/en-us/windows/hh826072.aspx
    Roger Lu
    TechNet Community Support

  • Windows 8: Bit Locker encrypted drive "Access Denied" external drive

    I rebuilt my computer and installed win 8.1 pro.  Now my external drive comes up as an empty drive with "Access denied".  Here is the kicker: I had turned off bitlocker on the external drive long ago as it interfered with automated backups.
    Running the commands suggested here:
    https://social.technet.microsoft.com/Forums/windows/en-US/738c1760-c96d-430f-9ae6-1f28f5c60998/windows-8-bit-locker-encrypted-drive-not-found-or-access-denied?forum=w8itprosecurity it shows the bitlocker but as unlocked.  Drive still shows empty.
    Any suggestions?
    Thanks,
    Markus

    Ahh, turns out to be permission issue not bitlocker (or maybe bitlocker caused it to lose permissions, don't know).
    Opened MyPc, right click on drive ->properties->security->advanced and selected apply to all.
    Markus

Maybe you are looking for

  • Query regarding BT having incorrect info

    Hi there Im currently a Sky broadband customer after moving properties im intrested in getting Infinity - when I had my original line activated the BT engineer confirmed that the cabinet im connected to does indeed have fibre hardware - however every

  • Garageband Quits Every Time I Change Audio Input/Output

    Hi. I own a Plantronics headset that came with MacSpeech Dictate when I bought that software a few years ago. It shows up on my Mac as a C-Media USB Audio device. I'm trying to use it with Garageband. So, in Garageband, I've gone into Preferences and

  • 0x80004005: app install failed - OSD SCCM 2012 R2 - randomly

                     Hi, I have visited many forums with this error before posting. Problem : During TS New computer OSD, app failed to install randomly on all model Win 7 x86 or x64. Information : App concerned : Adobe flash, office, chrome... Domain in

  • Migration to 17"

    I've tried migrating twice from a black macbook to a new 17 MPB. When I'm done many apps such as mail, FCe, Aperture, keynote, etc. either "quite unexpectedly" with out even bouncing on the dock or are "missing files". I thought I could try migrating

  • The DataSource 0CRM_LEAD_H does not exist in version A

    Hi, I am not getting any records on to BW side by any of the load(full,init/delta) When checked RSA3 in source system(CRM) there are 5 records. When checked RSA3 in source system(BW) it gives an error. error: DataSource 0CRM_LEAD_H is not defined in