Deploying the MBAM 2.0 Client
Updated: April 1, 2013
Applies To: Microsoft BitLocker Administration and Monitoring 2.0
The Microsoft BitLocker Administration and Monitoring (MBAM) Client enables administrators to enforce and monitor BitLocker drive encryption on computers in the enterprise. The BitLocker client can be integrated into an organization by deploying the client through an electronic software distribution system, such as Active Directory Domain Services, or by directly encrypting the client computers as part of the initial imaging process.
Depending on when you deploy the Microsoft BitLocker Administration and Monitoring Client, you can enable BitLocker encryption on a computer in your organization either before the end user receives the computer or afterwards by configuring Group Policy and deploying the MBAM Client software by using an enterprise software deployment system.
Deploy the MBAM Client to Desktop or Laptop Computers
After configuring Group Policy, you can use an enterprise software deployment system product like Microsoft System Center Configuration Manager 2012 or Active Directory Domain Services to deploy the MBAM Client installation Windows Installer files to target computers. You can deploy the client by using either the 32-bit or 64-bit MbamClientSetup.exe files, or the 32-bit or 64-bit MBAMClient.msi files, which are provided with the MBAM software. For more information about deploying MBAM Group Policy Objects, see Deploying MBAM 2.0 Group Policy Objects.
Deploy the MBAM Client as Part of a Windows Deployment
In organizations where computers are received and configured centrally, you can install the MBAM Client to manage BitLocker encryption on each computer before any user data is written to it. The benefit of this process is that every computer is then BitLocker encryption compliant. This method does not rely on user action because the administrator has already encrypted the computer. A key assumption for this scenario is that the policy of the organization installs a corporate Windows image before the computer is delivered to the user. If the Group Policy has been configured to require a PIN, users are prompted to set a PIN after they receive the Group Policy.
How to Use a Command Line to Install the MBAM Client
This section explains how to install the MBAM Client by using a command line.
Other Resources for Deploying the MBAM Client
You can learn more about MDOP in the TechNet Library, search for troubleshooting on the TechNet Wiki, or follow us on Facebook or Twitter.