
This multipart post will cover deploying the Microsoft BitLocker Administration and Monitoring (MBAM) agent via an SCCM 2012 Operating System Deployment (OSD) task sequence.

There are a number of very good posts regarding SCCM and MBAM, but each covers only pieces of the solution. I hope to consolidate information into an end-to-end solution.

NOTE: MBAM is part of the Microsoft Desktop Optimization Pack and is offered at no charge to qualifying SA customers.

1. Provision a laptop with a Windows 7 operating system using SCCM OSD.
2. Using an automated BIOS configuration utility, place the Trusted Platform Module (TPM) in the proper state for MBAM to take ownership.
3. Install the MBAM agent and configure the agent to communicate with the MBAM server.
4. Instruct the MBAM agent to take ownership of the TPM.
5. Instruct the MBAM agent to encrypt the OS partition using BitLocker.
6. At first logon, the laptop user should be prompted to enter a BitLocker PIN.

Note: This environment uses Dell laptops as test machines. CCTK.exe, the BIOS configuration utility used in this example, is specific to Dell hardware.

This post assumes the reader is a Windows Server 2008 and SCCM 2007/2012 MCITP or equivalent.

- Create and edit group policies using the Group Policy Management Console.
- Understand how authentication certificates work.
- Create and populate SCCM test collections.
- Import computer information into SCCM 2012.
- Remove computer information from SCCM 2012.

This post assumes a functional MBAM Server exists in the environment.

My test lab consists of three virtualized servers and two physical (client) laptops.

Machine:

- Active Directory Domain Controller, DNS, Enterprise CA
- SCCM 2012, Management Point, Distribution Point, SQL Server
- Microsoft BitLocker Administration and Monitoring Server, IIS, SQL Server, all MBAM roles

Virtual machines are running on a Hyper-V 2008 R2 SP1 host.

SCCM 2012 is configured to use HTTPS with mutual authentication. The Enterprise CA running on ANSTALLDC (along with Active Directory) provides the PKI. A Client Authentication certificate template has been enabled and an auto-enrollment policy is in place.
