Evaluating MBAM 2.5 in a test environment
This article describes how you can set up a test environment to evaluate Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 in the stand-alone or System Center Configuration Manager integration topology.
To evaluate MBAM by using the stand-alone topology, use the information in the following tables to install the MBAM server software, and then configure the MBAM server features in your test environment.
Before installing MBAM, do the following:
- Ensure that you have installed all of the prerequisite software. For more information, see MBAM 2.5 server prerequisites for stand-alone and Configuration Manager integration topologies.
- Check the required hardware, RAM, and other specifications. For more information, see MBAM 2.5 supported configurations.
- Review the prerequisites for using Windows PowerShell if you plan to use the cmdlets to configure MBAM. For more information, see Configuring MBAM 2.5 server features by using Windows PowerShell.
Install the MBAM server software, and then configure the features you want.
- Install the MBAM server software on each server where you want to configure an MBAM server feature. For more information, see Installing the MBAM 2.5 server software.
- Configure the Compliance and Audit Database and the Recovery Database. For more information, see How to configure the MBAM 2.5 databases.
- Configure the Reports feature. For more information, see How to configure the MBAM 2.5 reports.
- Configure the web applications. For more information, see How to configure the MBAM 2.5 web applications.
On a client computer, do the following:
Install the MBAM client on a client computer.
Apply the MBAM Group Policy Objects (GPOs) to the computer.
Set the following registry keys to force the MBAM client to wake up faster and at regular intervals:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement "ClientWakeupFrequency"=dword:00000001 "StatusReportingFrequency"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM] "NoStartupDelay"=dword:00000001
Because these keys wake up the MBAM client every minute, we recommend that you use these registry key settings only in a test environment.
Restart the BitLocker Management Client Service.
To evaluate MBAM by using the Configuration Manager Integration topology, use the information in the following tables to install the MBAM server software, and then configure the MBAM server features in your test environment. After installing the MBAM client on a client computer, you will complete additional steps to force the MBAM client to report the computer's status to MBAM more quickly.
Before installing MBAM, review the prerequisite software and supported configuration.
- Ensure that you have installed all of the prerequisite software. For more information, see the following articles:
- Check the required hardware, RAM, and other specifications. For more information, see MBAM 2.5 supported configurations.
- Review the prerequisites for using Windows PowerShell if you plan to use the cmdlets to configure MBAM. For more information, see Configuring MBAM 2.5 server features by using Windows PowerShell.
- Create or edit the .mof files. For more information, see the following articles:
Install the MBAM server software, and then configure the features you want.
Install the MBAM server software on each server where you want to configure an MBAM server feature. For more information, see Installing the MBAM 2.5 Server Software
You can install the databases to a remote SQL Server computer by using Windows PowerShell or an exported data-tier application (DAC) package. For more information about DAC packages, see Data-tier applications (DAC).
Configure the Compliance and Audit Database and the Recovery Database. For more information, see How to configure the MBAM 2.5 databases.
Configure the Reports feature. For more information, see How to configure the MBAM 2.5 reports.
Configure the web applications. For more information, see How to configure the MBAM 2.5 web applications.
Configure the System Center Configuration Manager to install the Configuration Manager objects. For more information, see How to configure the MBAM 2.5 System Center Configuration Manager integration.
On a client computer, do the following:
Install the MBAM client and the Configuration Manager Client on a client computer.
Apply the MBAM Group Policy Objects to the computer.
Set the following registry keys to force the MBAM client to wake up faster and at regular intervals:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement "ClientWakeupFrequency"=dword:00000001 "StatusReportingFrequency"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM] "NoStartupDelay"=dword:00000001
Because these keys wake up the MBAM client every minute, we recommend that you use these registry key settings only in a test environment.
Restart the BitLocker Management Client Service.
In Control Panel, open Configuration Manager, and then click the Actions tab.
Select Hardware Inventory Cycle, and then click Run Now. This step runs the hardware inventory by using the new classes that you imported to your .mof files, and then sends the data to the Configuration Manager server.
Select Machine Policy Retrieval & Evaluation Cycle, and then click Run Now to apply the Group Policy Objects that are relevant to that client computer.
In the Configuration Manager console, do the following:
In the navigation pane, right-click MBAM Supported Computers, click Update Membership, and then click Yes to force the client computer to report its membership immediately.
In the navigation pane, click MBAM Supported Computers to verify that the client computer appears in the collection.
On the client computer, in Control Panel, reopen Configuration Manager again, and do the following:
Click the Actions tab, and then rerun Machine Policy Retrieval & Evaluation Cycle.
Click the Configurations tab, select the BitLocker baseline, and then click Evaluate.
In the Configuration Manager console, verify that the client computer appears on the Enterprise Compliance Report: as follows:
In the navigation pane, select the Monitoring workspace.
In the console tree, expand Overview > Reporting > Reports > MBAM.
Select the folder that represents the language in which you want to view reports, and then select the report in the results pane.
To evaluate MBAM by using the Configuration Manager Integration topology, follow the same steps to install and configure MBAM in your test environment as you use in a production environment. After installing the MBAM client on a client computer, complete the additional steps in this topic to enable the MBAM client to start reporting the computer's status to MBAM more quickly.
Before you install MBAM, do the following tasks:
Ensure that you have installed all of the prerequisite software. For more information, see the following articles:
Check the required hardware, RAM, and other specifications. For more information, see MBAM 2.5 supported configurations.
Create or edit the .mof files. For more information, see the following articles:
Install the MBAM server software, and then configure the features you want.
Install the MBAM server software on each server where you want to configure an MBAM server feature. For more information, see Installing the MBAM 2.5 server software.
You can install the databases to a remote SQL Server computer by using Windows PowerShell or an exported data-tier application (DAC) package. For more information about DAC packages, see Data-tier applications (DAC).
Configure the Compliance and Audit Database and the Recovery Database. For more information, see How to configure the MBAM 2.5 databases.
Configure the Reports feature. For more information, see How to configure the MBAM 2.5 reports.
Configure the web applications. For more information, see How to configure the MBAM 2.5 web applications.
Configure the System Center Configuration Manager to install the Configuration Manager objects. For more information, see How to configure the MBAM 2.5 System Center Configuration Manager integration.
On a client computer, do the following:
Install the MBAM client on a client computer.
Apply the MBAM Group Policy Objects to the computer.
Set the following registry keys to force the MBAM client to wake up more quickly and at faster intervals:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement "ClientWakeupFrequency"=dword:00000001 "StatusReportingFrequency"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM] "NoStartupDelay"=dword:00000001
Because these keys wake up the MBAM client every minute, we recommend that you use these registry key settings only in an evaluation environment.
Restart the BitLocker Management Client Service.
In Control Panel, open Configuration Manager, and then click the Actions tab.
Select Machine Policy Retrieval & Evaluation Cycle, and then click Run Now to apply the Group Policy Objects that are relevant to that client computer.
Select Hardware Inventory Cycle, and then click Run Now. This step runs the hardware inventory by using the new classes that you imported to your .mof files and then sends the data to the Configuration Manager server.
In the Configuration Manager console, do the following:
In the navigation pane, right-click MBAM Supported Computers, click Update Membership, and then click Yes to force the client computer to report its membership immediately.
In the navigation pane, click MBAM Supported Computers to verify that the client computer appears in the collection.
On the client computer, in Control Panel, reopen Configuration Manager again, and do the following:
Click the Actions tab, and then rerun Machine Policy Retrieval & Evaluation Cycle.
Click the Configurations tab, select the BitLocker baseline, and click Evaluate.
In the Configuration Manager console, verify that the client computer appears on the Enterprise Compliance Report, as follows
In the navigation pane, expand Computer Management > Reporting > Reporting Services > <server name>MBAM.
Within the MBAM node, select the folder that represents the language in which you want to view reports, and then select the report from the results pane.