Export (0) Print
Expand All

How to Edit MBAM 2.0 GPO Settings

Updated: April 1, 2013

Applies To: Microsoft BitLocker Administration and Monitoring 2.0

To successfully deploy Microsoft BitLocker Administration and Monitoring (MBAM), you first have to determine the Group Policies that you will use in your implementation of Microsoft BitLocker Administration and Monitoring. See Planning for MBAM 2.0 Group Policy Requirements for more information on the different policies that are available. After you have determined the policies that you are going to use, you then must modify one or more Group Policy Objects (GPO) that include the policy settings for MBAM.

You can use the following steps to configure the basic, recommended GPO settings to enable MBAM to manage BitLocker encryption for your organization’s client computers.

To Edit MBAM Client GPO Settings

  1. On a computer that has MBAM Group Policy template installed, make sure that MBAM services are enabled.

  2. Using the Group Policy Management Console (GPMC.msc) or the Advanced Group Policy Management (AGPM) MDOP product on a computer with the MBAM Group Policy template installed, select Computer configuration, choose Policies, click Administrative Templates, select Windows Components, and then click MDOP MBAM (BitLocker Management).

  3. Edit the Group Policy Object settings that are required to enable MBAM Client services on client computers. For each policy in the table that follows, select Policy Group, click the Policy, and then configure the Setting:

     

    Policy Group Policy Setting

    Client Management

    Configure MBAM Services

    Enabled. Set MBAM Recovery and Hardware service endpoint and Select BitLocker recovery information to store. Set MBAM compliance service endpoint and Enter status report frequency in (minutes).

    Operating System Drive

    Operating system drive encryption settings

    Enabled. Set Select protector for operating system drive. Required to save operating system drive data to the MBAMKey Recovery server.

    Removable Drive

    Control Use of BitLocker on removable drives

    Enabled. Required if MBAM will save removable drive data to the MBAM Key Recovery server.

    Fixed Drive

    Control Use of BitLocker on fixed drives

    Enabled. Required if MBAM will save fixed drive data to the MBAM Key Recovery server.

    Set Choose how BitLocker-protected drives can be recovered and Allow data recovery agent.

    ImportantImportant
    Depending on the policies that your organization decides to deploy, you may have to configure additional policies. See Planning for MBAM 2.0 Group Policy Requirements for Group Policy configuration details for all of the available MBAM GPO policy options.

See Also

-----
You can learn more about MDOP in the TechNet Library, search for troubleshooting on the TechNet Wiki, or follow us on Facebook or Twitter.
-----
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft