CarmenPayne

SCCM 2012 R2 & MBAM & OSD

Question

Hello

 

I'm looking for some guidance in getting MBAM to be part of our OSD task sequence. I have the MBAM server set up and it's working; now my next hurdle is to get the MBAM client to deploy as part of the task sequence. I have downloaded the PS script "Invoke-MbamClientDeployment.ps1"; however, I'm having issues finding documentation to actually assist in implementing it. I could really use a step-by-step how-to guide! Can anyone please assist with this? I have watched the vids from the TechNet events, but they skip over a couple of key pieces that I seem to be missing.

 

Any help in getting this to function properly in my environment would be greatly appreciated!


1 answer to this question


I'm not using that method (script); however, it's documented somewhat here. Note that this is for MBAM 2.5 SP1. Are you using that version or an earlier version?

 

  1. In the State Restore folder, delete the Enable BitLocker task.

  2. In the State Restore folder under Custom Tasks, create a new Install Application task and name it Install MBAM Agent. Click the Install Single Application radio button and browse to the MBAM 2.5 SP1 client application created earlier.

  3. In the State Restore folder under Custom Tasks, create a new Run PowerShell Script task (after the MBAM 2.5 SP1 Client application step) with the following settings (update the parameters as appropriate for your environment):

    • Name: Configure BitLocker for MBAM
    • PowerShell script: Invoke-MbamClientDeployment.ps1
    • Parameters:

      -RecoveryServiceEndpoint (Required): MBAM recovery service endpoint

      -StatusReportingServiceEndpoint (Optional): MBAM status reporting service endpoint

      -EncryptionMethod (Optional): Encryption method (default: AES 128)

      -EncryptAndEscrowDataVolume (Switch): Specify to encrypt data volume(s) and escrow data volume recovery key(s)

      -WaitForEncryptionToComplete (Switch): Specify to wait for the encryption to complete

      -DoNotResumeSuspendedEncryption (Switch): Specify that the deployment script will not resume suspended encryption

      -IgnoreEscrowOwnerAuthFailure (Switch): Specify to ignore TPM owner-auth escrow failure. It should be used in the scenarios where MBAM is not able to read the TPM owner-auth, e.g. if TPM auto provisioning is enabled

      -IgnoreEscrowRecoveryKeyFailure (Switch): Specify to ignore volume recovery key escrow failure

      -IgnoreReportStatusFailure (Switch): Specify to ignore status reporting failure

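Added example, not part of the answer above and not Microsoft's code: a wrapper for the "Configure BitLocker for MBAM" step that calls Invoke-MbamClientDeployment.ps1 without the escrow-ignoring switches and then checks the OS volume with the built-in Get-BitLockerVolume cmdlet. The wrapper file itself, its location beside the MBAM script in the same package, and the HTTPS-only rule are assumptions of this example.

```powershell
# Added example: wrapper for the "Configure BitLocker for MBAM" step.
# Assumption: this file sits beside Invoke-MbamClientDeployment.ps1 in the package.
[CmdletBinding()]
param(
    # Supply the recovery service URL of your own MBAM server.
    [Parameter(Mandatory)]
    [uri]$RecoveryServiceEndpoint,
    [uri]$StatusReportingServiceEndpoint
)

$ErrorActionPreference = 'Stop'

# Policy chosen for this example: recovery data is only escrowed over HTTPS.
foreach ($endpoint in @($RecoveryServiceEndpoint, $StatusReportingServiceEndpoint)) {
    if ($endpoint -and $endpoint.Scheme -ne 'https') {
        throw "Endpoint '$endpoint' is not HTTPS; refusing to escrow over it."
    }
}

$deployArgs = @{
    RecoveryServiceEndpoint     = $RecoveryServiceEndpoint.AbsoluteUri
    WaitForEncryptionToComplete = $true
}
if ($StatusReportingServiceEndpoint) {
    $deployArgs.StatusReportingServiceEndpoint = $StatusReportingServiceEndpoint.AbsoluteUri
}

# Deliberately not passed: -IgnoreEscrowRecoveryKeyFailure and
# -IgnoreEscrowOwnerAuthFailure. They tell the script to ignore escrow
# failures, so an encrypted disk could be left with no key held by MBAM.
& (Join-Path $PSScriptRoot 'Invoke-MbamClientDeployment.ps1') @deployArgs

# Independent local check. It confirms that a recovery password protector
# exists and protection is on; it does not prove the key reached the server.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
$hasRecoveryPassword = [bool]($vol.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword')

if ($vol.ProtectionStatus -ne 'On' -or -not $hasRecoveryPassword) {
    throw ("BitLocker check failed on {0}: protection={1}, recovery password present={2}" -f
        $vol.MountPoint, $vol.ProtectionStatus, $hasRecoveryPassword)
}

Write-Output ("BitLocker on {0}: {1}, {2}% encrypted" -f
    $vol.MountPoint, $vol.VolumeStatus, $vol.EncryptionPercentage)
```

Because the wrapper throws on any failed check, the task sequence step fails visibly instead of shipping a machine whose disk is encrypted but unrecoverable.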
