
SCCM 2012 R2 & MBAM & OSD




I'm looking for some guidance in getting MBAM to be part of our OSD task sequence. I have the MBAM server set up and it's working; now my next hurdle is to get the MBAM client to deploy as part of the task sequence. I have downloaded the PS script "Invoke-MbamClientDeployment.ps1"; however, I'm having issues finding documentation to actually assist in implementing it. I could really use a step-by-step how-to guide! Can anyone please assist with this? I have watched the vids from the TechNet events but they skip over a couple of key pieces that I seem to be missing.


Any help in getting this to function properly in my environment would be greatly appreciated!


I'm not using that method (script); however, it's documented somewhat here. Note that this is for MBAM 2.5 SP1. Are you using that version or an earlier version?


  1. In the State Restore folder, delete the Enable BitLocker task.

  2. In the State Restore folder under Custom Tasks, create a new Install Application task and name it Install MBAM Agent. Click the Install Single Application radio button and browse to the MBAM 2.5 SP1 client application created earlier.

  3. In the State Restore folder under Custom Tasks, create a new Run PowerShell Script task (after the MBAM 2.5 SP1 Client application step) with the following settings (update the parameters as appropriate for your environment):

    • Name: Configure BitLocker for MBAM
    • PowerShell script: Invoke-MbamClientDeployment.ps1
    • Parameters:
        • MBAM recovery service endpoint
        • MBAM status reporting service endpoint
        • Encryption method (default: AES 128)
        • Specify to encrypt data volume(s) and escrow data volume recovery key(s)
        • Specify to wait for the encryption to complete
        • Specify that the deployment script will not resume suspended encryption
        • Specify to ignore TPM owner-auth escrow failure. It should be used in the scenarios where MBAM is not able to read the TPM owner-auth, e.g. if TPM auto provisioning is enabled
        • Specify to ignore volume recovery key escrow failure
        • Specify to ignore status reporting failure

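One way to drive the "Configure BitLocker for MBAM" step described above, as an added example that is not part of either post and not Microsoft's code. The wrapper name `Invoke-MbamStep.ps1`, its three parameters and the HTTPS-only rule are assumptions of this example; the switch names passed to `Invoke-MbamClientDeployment.ps1` are taken to match that script's own parameters, so confirm them against the copy you downloaded.

```powershell
# Hypothetical wrapper (Invoke-MbamStep.ps1), packaged in the same folder as
# Invoke-MbamClientDeployment.ps1 and run after the "Install MBAM Agent" step.
[CmdletBinding()]
param(
    [Parameter(Mandatory)] [string] $RecoveryEndpoint,  # MBAM recovery service endpoint
    [Parameter(Mandatory)] [string] $StatusEndpoint,    # MBAM status reporting service endpoint
    [switch] $TpmAutoProvisioned                        # MBAM cannot read the TPM owner-auth
)

$ErrorActionPreference = 'Stop'   # any failure fails the task sequence step

function Assert-HttpsEndpoint {
    param([string] $Name, [string] $Url)
    $uri = $null
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref] $uri)) {
        throw "$Name is not an absolute URL: $Url"
    }
    # Policy of this example: recovery data is only escrowed over TLS.
    if ($uri.Scheme -ne 'https') {
        throw "$Name must use https: $Url"
    }
}

Assert-HttpsEndpoint -Name 'Recovery endpoint' -Url $RecoveryEndpoint
Assert-HttpsEndpoint -Name 'Status endpoint'   -Url $StatusEndpoint

$deployScript = Join-Path $PSScriptRoot 'Invoke-MbamClientDeployment.ps1'
if (-not (Test-Path -LiteralPath $deployScript)) {
    throw "Deployment script not found: $deployScript"
}

# Splat the parameters listed in the documentation steps.
$mbamArgs = @{
    RecoveryServiceEndpoint        = $RecoveryEndpoint
    StatusReportingServiceEndpoint = $StatusEndpoint
    EncryptAndEscrowDataVolume     = $true
    WaitForEncryptionToComplete    = $true
}
if ($TpmAutoProvisioned) { $mbamArgs.IgnoreEscrowOwnerAuthFailure = $true }

# The "ignore recovery key escrow failure" and "ignore status reporting failure"
# switches are deliberately left off: with them set, a machine can finish OSD
# encrypted while no recovery key has reached the MBAM server.
& $deployScript @mbamArgs
```

Pass the two endpoint URLs from your own MBAM server in the step's Parameters field; none are hard-coded here because the page does not give them.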
