Everything posted by huggans.sean
You can also add a DWORD reg value in HKLM\SOFTWARE\Microsoft\MBAM called "NoStartUpDelay" and set it to 1 in the registry to disable the random delay to display the wizard. You can just restart the BitLocker Management Service after making this change - the wizard will show in around a minute with this key set. Remember the wizard will never show up through straight RDP (Remote Desktop) - it WILL show up via SCCM remote control though! I would test and test again before making this setting part of your standard MBAM config.
Nevermind, I was using an old 8460w to test - it was in UEFI mode, which those models have a half implementation of (no secure boot) due to flash chip size limitations. All is well testing with a newer model!
Hey Niall, Are you able to encrypt on machines with TPM 1.2 chips in secure boot mode with your TP managed MBAM? Having issues on my end with it. Setting the TPM validation profile to leave out the secure boot stuff manually via group policy hasn't worked. This will be a problem in production if it's not possible. BitLocker-API log stating "BitLocker determined that the TCG log is invalid for use of Secure Boot. The filtered TCG log for PCR is included in this event." I'll keep hunting on this end!