brpo

TPM backup to MBAM with BitLocker Preprovisioning

Question

Hi

I have deployed MBAM 2.5 in our environment and the first tests (manual deployment of the MBAM client and encryption) have been successful (TPM and volume recovery work fine).

 

However, when trying to use the latest features, we can't get the TPM owner password to be backed up in MBAM.

We use pre-provisioning with used space during the task sequence and it works fine. The user is prompted at first logon for the PIN and drive recovery is reported to the DB. However, the TPM password is not present.

Whatever we tried, the TPM did not show up unless we suppressed pre-provisioning.

 

Has someone been able to take ownership of the TPM with pre-provisioning?

 

During the TS, at the pre-provisioning step, the TPM shows as Enabled, Activated and Not owned, then in the log it shows that pre-provisioning takes ownership. Of course, this prevents MBAM from doing the same, so no backup of the TPM.

In the following post, someone from Microsoft states that ownership is not taken, but it seems it does anyway.

 

http://social.technet.microsoft.com/Forums/en-US/b915cd54-6371-4b28-aac7-bd3103dfd7ca/preprovisioning-bitlocker-mbam-and-tpm-password?forum=mdopmbam

 

Thanks in advance for your feedback

bruno


4 answers to this question


Hi

thanks for the feedback.

What we would like is to store the TPM key in MBAM, as we then have a single place to look for support, as we don't have proper AD rights anyway.

Alternatively use a single password for TPM but start encryption during TS (I am working on this alternative right now).

Brgds

bruno


Hi

I forgot to post feedback on this when I finally found the solution.

We used Alex Semi's script to launch encryption, and by default the MDT scripts force ownership to AD.

I put a few comments in the code and the MBAM part is now fully functional.

 

bruno
