Jump to content

Recommended Posts

Currently I am in the process of testing out the GPO settings including a pilot group of users for MDOP MBAM Bitlocker encryption. The only question I have is how do you suppress that box where it ask for Postpone/Start; (below image). I am doing this on machines who already have Windows 7 and deployed without Bitlocker enabled. First project was XP -> Windows 7 migrations. Now we are circling back around enabling Bitlocker on existing machines. All clients have MDOP MBAM 2.0 installed already.


Everything works as I have intended, but with Postpone and Start GUI popping up to initiate it from the user.


So we are looking to have it without any user interactions soon as Policy kicks in, so forth.


I did try using the supplied regkey template in C:\Program Files\Microsoft\MDOP MBAM but I can't figure out what keys to add/remove, if any that could run without user interaction.

Adding NoStartDelay DWORD doesn't seem to do anything other than display the pop-up sooner than the default 90 minute random cycle.


Any suggestions is greatly appreciated.




Lenovo Shop - Desktops/Laptops

2000+ nodes - Windows 7 x64-bit

SCCM 2012 (non-SP/CU)

MBAM Server v.2.0 (non-SP1) - Stand-alone configuration with SQL


Share this post

Link to post
Share on other sites


I normally use the same script as I do for OSD deployment when deploying MBAM/bitlocker for computer after os deployment as you probably will have to modify the TPM Settings as well, then I use the same script for enabling Bitlocker using MBAM as during OSD as well.

Have you set a GPO to force encryption on the Operating system drive?


Share this post

Link to post
Share on other sites

Appreciate the quick response Jorgen.


Can you elaborate more on the GPO to force encryption? If you mean, do I have MBAM MDOP GPO configured with services/reporting then yes, I do. My only issue is suppressing that Client UI box, what area of focus am I needing to look at suppressing it so users are not required to click on anything? I just want to silently encrypt drives without user interact.


Through SCCM, I am using the UDI Wizard using ZTIBde.wsf from the UDI Wizard, so I am not sure what to use to apply that outside of SCCM via logon script or SCCM deployment, have examples perhaps?


I did attempt using this link. - http://blogs.technet.com/b/deploymentguys/archive/2012/02/20/using-mbam-to-start-bitlocker-encryption-in-a-task-sequence.aspx


But what I notice is I can't get it to work on MDOP MBAM 2.0 clients, only works on 1.0 clients. Can someone confirm this is true as well? If I am wrong, can I get a sample of how you are suppressing that Client UI pop-up with GPO configured?



Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...