Jump to content


anyweb

On-premises BitLocker management using System Center Configuration Manager

By anyweb, in System Center Configuration Manager (Current Branch)

Recommended Posts

anyweb Proficient

anyweb

Posted
Posted

ok so on the real computer, i assume you are not RDP'ing to it during testing ? and secondly, what settings did you pick ? what type of computer is it ?

Share this post

Link to post
Share on other sites
Mohsin Husen Newbie

Mohsin Husen

Posted
Posted

Hello,

For your update..

Now MBAM drive encryption message box appeared. i have start encryption. and Recovery key is stored in database also.

 

observation:- After MBAM policy applied on system, its is taking too much time to displayed MBAM drive encryption message box. Approx. 60 minute.

 

Share this post

Link to post
Share on other sites
anyweb Proficient

anyweb

Posted
Posted

and what have you configured your client policy to refresh at ? the default is 60 minutes for configmgr client policy, and 90 minutes for the mbam policy checks

triggering machine policy manually will check immediately

Share this post

Link to post
Share on other sites
anyweb Proficient

anyweb

Posted
Posted

dont confuse the ConfigMgr client policy (default 60 minutes) with the MBAM client check policy (default 90 minutes). Full disk encryption always takes time, that's the way it is, the only 'fast' encryption is something called used space only, which you can do with OSD task sequences with a Pre-Provision BitLocker step during operating system deployment. And for laptops yes connect power so it doesn't power off during encryption.

Share this post

Link to post
Share on other sites
huggans.sean Newbie

huggans.sean

Posted
Posted
On ‎8‎/‎5‎/‎2019 at 6:46 AM, Mohsin Husen said:

Hello,

For your update..

Now MBAM drive encryption message box appeared. i have start encryption. and Recovery key is stored in database also.

 

observation:- After MBAM policy applied on system, its is taking too much time to displayed MBAM drive encryption message box. Approx. 60 minute.

 

 

You can also add a DWORD reg value in HKLM\SOFTWARE\Microsoft\MBAM called "NoStartUpDelay" and set it to 1 in the registry to disable the random delay to display the wizard.  You can just restart the BitLocker Management Service after making this change - the wizard will show in around a minute with this key set.  Remember the wizard will never show up through straight RDP (Remote Desktop) - it WILL show up via SCCM remote control though!  I would test and test again before making this setting part of your standard MBAM config.

MBAMNoStartupDelay.PNG

  • Thanks 1

Share this post

Link to post
Share on other sites
anyweb Proficient

anyweb

Posted
Posted

First things first. the BitLocker capability I blogged about above is not yet released, it's still in technical preview as of todays date, however it's coming soon. Secondly, you state you want to export the keys, what keys exactly ? are you referring to Sophos disk encryption ?

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.