Jump to content

Search the Community

Showing results for tags 'mbam'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Cloud
    • Azure
    • Microsoft Intune
    • Office 365
  • General Stuff
    • General Chat
    • Events
    • Site News
    • Windows News
    • Suggestion box
    • Jobs
  • MDT, SMS, SCCM, Current Branch &Technical Preview
    • How do I ?
    • Microsoft Deployment Toolkit (MDT)
    • Official Forum Supporters
    • SMS 2003
    • Configuration Manager 2007
    • Configuration Manager 2012
    • System Center Configuration Manager (Current Branch)
    • Packaging
    • scripting
    • Endpoint Protection
  • Windows Client
    • how do I ?
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows Vista
    • Windows XP
    • windows screenshots
  • Windows Server
    • Active Directory
    • Microsoft SQL Server
    • System Center Operations Manager
    • KMS
    • Windows Deployment Services
    • NAP
    • Failover Clustering
    • PKI
    • Windows Server 2008
    • Windows Server 2012
    • Windows Server 2016
    • Windows Server 2019
    • Hyper V
    • Exchange
    • IIS/apache/web server
    • System Center Data Protection Manager
    • System Center Service Manager
    • System Center App Controller
    • System Center Virtual Machine Manager
    • System Center Orchestrator
    • Lync
    • Application Virtualization
    • Sharepoint
    • WSUS

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







Found 11 results

  1. Please guys, I need a help, cuz I become a mad. I have spent a lot of time for this problem, and can't solve it. I'm trying to deploy MBAM client 2.5 SP1 (September update) on Windows 10 1803 with storing recovery keys on MBAM server via SCCM2012 r2 task sequence. I have deployed MBAM server at our SQL Server with SCCM integration ( at another server with sccm 2012 r2). Also I've configure MBAM services with SSL certificate, which is created by CA. The problem is error 0x00000001 in " InvokeMbamClientDeployment.ps1" step during Task Sequence. It's absolutely strange , but when I do this step manually after logon, It works perfectly. After googling this issue, I have find many solutions, but no one helped me. Also, I can't understand how can I find the logs of this script. When task sequence get error, folder with logs doesn't created. This is my task sequence with many fixes that I can find at internet : 1) Install MBAM 2.5 SP1 with SP1 and restart 2) Disable certificate update, this step can avoid the problem with error 0x803d0006 3) Incert MBAM Cer : I copy CA certificate to ROOT, because windows 10 1803 have the problem with it. Also, I find another advice with Remove Auto Provision by a command : powershell.exe -command “New-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft -Name FVE; Set-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft\FVE -Name OSEnablePrebootInputProtectorsOnSlates -Value 1 -Type DWord -Force; Set-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\Tpm\WMI -Name NoAutoProvision -Value 1 -Type DWord -Force 4) For My script I have this parametrs : powershell.exe -ExecutionPolicy Bypass -File Invoke-MbamClientDeployment.ps1 -RecoveryServiceEndpoint https://servername.domain.com/MBAMRecoveryAndHardwareService/CoreService.svc -EncryptionMethod UNSPECIFIED -IgnoreEscrowOwnerAuthFailure -IgnoreReportStatusFailure I don't have any ideas how to solve it. Please help me))
  2. Hello Everyone. I am trying to integrate SCCM 2012 R2 with MBAM 2.5 But I have problem with importing BitLocker Policy (Win32Reg_MBAMPolicy) When I run mofcomp against sms_def.mof C:\Users\scwi\Desktop>mofcomp mbam.mof Microsoft ® MOF Compiler Version 6.3.9600.16384 Copyright © Microsoft Corp. 1997-2006. All rights reserved. Parsing MOF file: mbam.mof MOF file has been successfully parsed Storing data in the repository... An error occurred while creating object 2 defined on lines 10 - 42: 0X80041002 Class, instance, or property 'SMS_Class_Template' was not found. Compiler returned error 0x80041002 Ok so I queried my WMI and I do have that class. It has to be there since I successfully importerd BitLocker Encryption Details (Win32_BitLockerEncryptionDetails) all the MOF files I got I have from MS websites below. https://technet.microsoft.com/en-us/library/dn645321.aspx https://technet.microsoft.com/en-us/library/dn656927.aspx I was able to import - Computer System Ex - Operating System Ex - Win32_BitLockerEncryptionDetails) when I removed this portion from the script: #pragma namespace ("\\\\.\\root\\cimv2\\SMS") #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) [ SMS_Report(TRUE), SMS_Group_Name("BitLocker Policy"), SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0")] Class Win32Reg_MBAMPolicy: SMS_Class_Template { [sMS_Report(TRUE),key] string KeyName; //General encryption requirements [sMS_Report(TRUE)] UInt32 OsDriveEncryption; [ SMS_Report (TRUE) ] UInt32 FixedDataDriveEncryption; [ SMS_Report (TRUE) ] UInt32 EncryptionMethod; //Required protectors properties [ SMS_Report (TRUE) ] UInt32 OsDriveProtector; [ SMS_Report (TRUE) ] UInt32 FixedDataDriveAutoUnlock; [ SMS_Report (TRUE) ] UInt32 FixedDataDrivePassphrase; //MBAM Agent fields //Policy not enforced (0), enforced (1), pending user exemption request (2) or exempted user (3) [sMS_Report(TRUE)] Uint32 MBAMPolicyEnforced; [sMS_Report(TRUE)] string LastConsoleUser; //Date of the exemption request of the last logged on user, //or the first date the exemption was granted to him on this machine. [sMS_Report(TRUE)] datetime UserExemptionDate; //Errors encountered by MBAM agent. [ SMS_Report (TRUE) ] UInt32 MBAMMachineError; [ SMS_Report (TRUE) ] string EncodedComputerName; }; I tried to integrate MBAM and sccm but I am getting this error : Unexpected Configurator error. Description: Exception thrown from feature provider. Exception: System.NullReferenceException: Object reference not set to an instance of an object. at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlResultObjectBase.get_Item(String name) at Microsoft.Mbam.Setup.Common.CmIntegration.SmsEntities.SmsCollection.get_CollectionId() at Microsoft.Mbam.Setup.Common.CmIntegration.Implementors.CmObjectsManager.TryDeleteInvalidCollection(ISmsCollection collection) at Microsoft.Mbam.Setup.Common.CmIntegration.Implementors.CmObjectsManager.CreateAndInitializeCollection[T,U](T collectionSettings, Boolean& updated, ISmsCollection& collectionBeforeUpdate) at Microsoft.Mbam.Setup.Common.CmIntegration.Implementors.CmObjectsManager.CreateCollection(String collectionSettingsFilePath, CultureInfo desiredCulture, CMVersion cmVersion, Boolean& updated, ISmsCollection& collectionBeforeUpdate) at Microsoft.Mbam.Setup.Common.CmIntegration.CMObjects.CreateCmCollections() at Microsoft.Mbam.Setup.Common.ActionItem.Run() at Microsoft.Mbam.Setup.Common.ActionItemQueue.Run() at Microsoft.Mbam.Setup.Common.CmIntegration.CmIntegrationProvider.Enable(IProgress`1 progress, CancellationToken cancellationToken, CmIntegrationConfiguration configuration) at Microsoft.Mbam.Setup.Common.FeatureProviderBase`1.<>c__DisplayClass34`1.<InvokeAsync>b__33() at System.Threading.Tasks.Task`1.InnerInvoke() at System.Threading.Tasks.Task.Execute() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Mbam.Setup.Common.FeatureProviderBase`1.<InvokeAsync>d__36`1.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Mbam.Setup.Common.FeatureProviderBase`1.<>c__DisplayClass2.<<EnableAsync>b__0>d__4.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult() at Microsoft.Mbam.Setup.Common.FeatureProviderBase`1.<EnableAsync>d__8.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Mbam.Setup.Configurator.CMUIFeatureModel.<EnableTransacted>d__4.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Mbam.Setup.Configurator.BatchTaskModel.<>c__DisplayClass5.<<Commit>b__1>d__7.MoveNext() I am assuming it is because I don't have BitLocker Policy imported to my default client inventory because MBAM 2.5 Integration wizard creates device collection MBAM managed devices . It feels like I tried everything but I know I don't so I decided to ask all the generous people to help me here.
  3. actually i made a task sequence for MBAM to encrypt all drives - it starts only, when i´m login to Windows 10, but i need it while the tasksequence is running, before starting installing Office 365 and so on. Have anyone experience for this step? the mbam-client config (last step) set the registry for "no delay" and the mbam-client-Trigger -> reg.exe ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Run /t REG_SZ /v TriggerMBAM /d "%ProgramFiles%\Microsoft\MDOP MBAM\MBAMClientUI.exe" /f will not run, have tried on different places in the tasksequence, but nothing worked ... is it in generall possible to start the encryption while running the "Installation" ... Thx for your help.
  4. Setting: I have an MBAM server 2.5. sp1 which is integrated with SCCM 2012 r2. The Recovery Keys are in its DB as well as AD. Scenario: I took a hard drive out of a machine (WS1) and placed into a USB HD enclosure which i attached to another machine (WS2).`The drive came up saying it's encrypted and if i try to unlock it, It asked for the Recovery PW. I noticed that when i used the the self-service page to recover a the password it said "invalid Key" I looked at the SQL and ran this query: SELECT TOP 1000 [Id] ,[LastUpdateTime] ,[VolumeId] ,[RecoveryKeyId] ,[RecoveryKey] ,[RecoveryKeyPackage] ,[Disclosed] FROM [MBAM Recovery and Hardware].[RecoveryAndHardwareCore].[Keys] I saw the Recovery ID key in SQL and tried it via AD and it gave me the same password. When i opened the AD object and looked under the bitlocker Tab i saw all the recovery IDs there was one that was never made it to MBAM DB. I used that one and it unlocked. I have 2 questions: 1) How can it populate the MBAM DB simultaneously as AD? 2) Lets say that I had removed the (WS1) computer 1 year ago and needed to recover the data. Where would i find the key? I just want to make the recovery process as painless as possible for the Helpdesk.
  5. Hi there, Would someone be able to direct me in the direction of deploying Windows 10, MBAM 2.5 SP1 and then encrypting through a task sequence. I have tried the WindowsNoob book but this guide is for MBAM 2.5 and I believe the method has changed? Calvin
  6. Hi Everyone, I am trying to automate MBAM Encryption during the OSD Task Sequence using the "StartMBAMEncryption.wsf" script provided in the following blog. http://blogs.technet.com/b/deploymentguys/archive/2012/02/20/using-mbam-to-start-bitlocker-encryption-in-a-task-sequence.aspx The command I use is - cscript.exe StartMBAMEncryption.wsf /MBAMServiceEndPoint:http://<MBAM Server Name>/MBAMRecoveryAndHardwareService/CoreService.svc I have used the script in both a "Install a Package" & "Run Command Line" group & both fail with the below error. Failed to run the action: Install a Package The system cannot find the file specified. (Error: 80070002; Source: Windows) Yet if I exit out of the Task Sequence, log onto the Laptop, & run the exact same command, MBAM Encryption starts first time without any problems. Any help would be much appreciated. Thanks! Jordan,
  7. Hi I have deployed Mbam 2.5 in our environment and the first tests (manual deployment of mbam client and encryption) have been successfull.(tpm and volume recovery work fine) However when trying to use the latest features, we can't get the TPM owner password to be backed up in Mbam. We use pre provisionning wih used space during the task sequence and it works fine. The user is prompted at first logon for the Pin and drive recovery is reported to the DB. However TPM password is not present. Whatever we tried, the TPM did not show up unless we suppressed pre provisionning. Has someone been able to take ownership of the TPM with preprovisioning ? During the TS, at the preprovisioning step, the Tpm shows as Enabled, Activated and Not owned, then in the log it shows that pre provisioning takes ownership. Of course, this prevents Mbam to do the same so no backup of TPM. in the following post, someone from Microsoft states that ownership is not taken, but it seems it does anyway. http://social.technet.microsoft.com/Forums/en-US/b915cd54-6371-4b28-aac7-bd3103dfd7ca/preprovisioning-bitlocker-mbam-and-tpm-password?forum=mdopmbam Thanks in advance for your feedback bruno
  8. Hello, I was curious if anyone is using MBAM and also storing the Bit Locker recovery keys in active directory? We are starting to Bit Locker all of our workstations, and we are currently storing the recovery keys in active directory. I was thinking about implementing MBAM also, but management wants the keys to be in active directory. Can you store the keys in a MBAM database as well as in active directory? My searches have given me conflicting information. Any help is much appreciated Ron
  9. 67_dbc


    Currently I am in the process of testing out the GPO settings including a pilot group of users for MDOP MBAM Bitlocker encryption. The only question I have is how do you suppress that box where it ask for Postpone/Start; (below image). I am doing this on machines who already have Windows 7 and deployed without Bitlocker enabled. First project was XP -> Windows 7 migrations. Now we are circling back around enabling Bitlocker on existing machines. All clients have MDOP MBAM 2.0 installed already. Everything works as I have intended, but with Postpone and Start GUI popping up to initiate it from the user. So we are looking to have it without any user interactions soon as Policy kicks in, so forth. I did try using the supplied regkey template in C:\Program Files\Microsoft\MDOP MBAM but I can't figure out what keys to add/remove, if any that could run without user interaction. Adding NoStartDelay DWORD doesn't seem to do anything other than display the pop-up sooner than the default 90 minute random cycle. Any suggestions is greatly appreciated. Eric Lenovo Shop - Desktops/Laptops 2000+ nodes - Windows 7 x64-bit SCCM 2012 (non-SP/CU) MBAM Server v.2.0 (non-SP1) - Stand-alone configuration with SQL
  10. I am just curious if there are steps beyond the typical enable TPM and BitLocker steps if you have an MBAM back-end. Has anyone setup an OSD for this scenario? I assume the MBAM client piece needs to be installed as well. Just trying to find the best way to encrypt laptops during the imaging process and have them connect up with MBAM or maybe i'm going about this all wrong. Any info would be great. Thanks, EDIT: Found the link below which I believe will do what I need. http://blogs.technet.com/b/deploymentguys/archive/2012/02/20/using-mbam-to-start-bitlocker-encryption-in-a-task-sequence.aspx If anyone has any info to add, please feel free to do so.
  11. Hi, I recently installed a Microsoft Bitlocker administration and monitoring server in my production environment (all componenets installed on the same machine) after installation i opened Group policy managment console and created a new GPO, while searching i discovered that while the admx files resides on the machine under %systemroot%\policyDefinitions\ it does not show me the new MBAM options when i am editing the GPO, all i can see is "Policy definitions retrieved from the central store" from what i understand i should see them under Computer Configuration -> Administrative Templates -> Windows componenets Can someone please help me? Regards, Adi
  • Create New...