Enable-MbamWebApplication

Letzte Aktualisierung: August 2015

Betrifft: Microsoft BitLocker Administration and Monitoring 2.5, Microsoft BitLocker Administration and Monitoring 2.5 SP1

Enable-MbamWebApplication

Enables a web application.

Syntax

Parameter Set: ParameterSetAdministrationPortal
Enable-MbamWebApplication -AdministrationPortal -AdvancedHelpdeskAccessGroup <String> -HelpdeskAccessGroup <String> -ReportsReadOnlyAccessGroup <String> -ReportUrl <Uri> [-Certificate <X509Certificate2> ] [-CMIntegrationMode] [-ComplianceAndAuditDBConnectionString <String> ] [-HostName <String> ] [-InstallationPath <String> ] [-Port <Int32> ] [-RecoveryDBConnectionString <String> ] [-SkipValidation] [-VirtualDirectory <String> ] [-WebServiceApplicationPoolCredential <PSCredential> ] [ <CommonParameters>]

Parameter Set: ParameterSetAgentService
Enable-MbamWebApplication -AgentService [-Certificate <X509Certificate2> ] [-CMIntegrationMode] [-ComplianceAndAuditDBConnectionString <String> ] [-DataMigrationAccessGroup <System.String> ] [-HostName <String> ] [-InstallationPath <String> ] [-Port <Int32> ] [-RecoveryDBConnectionString <String> ] [-SkipValidation] [-TpmLockoutAutoReset] [-WebServiceApplicationPoolCredential <PSCredential> ] [ <CommonParameters>]

Parameter Set: ParameterSetSelfServicePortal
Enable-MbamWebApplication -SelfServicePortal [-Certificate <X509Certificate2> ] [-CompanyName <System.String> ] [-ComplianceAndAuditDBConnectionString <String> ] [-HelpdeskUrl <System.Uri> ] [-HelpdeskUrlText <System.String> ] [-HostName <String> ] [-InstallationPath <String> ] [-NoticeTextPath <System.String> ] [-Port <Int32> ] [-RecoveryDBConnectionString <String> ] [-SkipValidation] [-VirtualDirectory <String> ] [-WebServiceApplicationPoolCredential <PSCredential> ] [ <CommonParameters>]




Detaillierte Beschreibung

The Enable-MbamWebApplication cmdlet enables a Microsoft BitLocker Administration and Monitoring (MBAM) web application on the local server. The cmdlet enables one of the following web applications:

-- Administration and Monitoring Website
-- Agent Services
-- Self-Service Portal

Parameter

-AdministrationPortal

Indicates that this cmdlet acts on the Administration and Monitoring Website web application.


Aliasse

none

Erforderlich?

true

Position?

named

Standardwert

none

Pipelineeingaben akzeptieren?

false

Platzhalterzeichen akzeptieren?

false

-AdvancedHelpdeskAccessGroup<String>

Specifies a domain user group. This group has permissions for all areas of the Administration and Monitoring Website web application, except for reports.


Aliasse

AdvancedHelpdeskGroup

Erforderlich?

true

Position?

named

Standardwert

none

Pipelineeingaben akzeptieren?

True (ByPropertyName)

Platzhalterzeichen akzeptieren?

false

-AgentService

Indicates that this cmdlet acts on the Agent Services web application.


Aliasse

none

Erforderlich?

true

Position?

named

Standardwert

none

Pipelineeingaben akzeptieren?

false

Platzhalterzeichen akzeptieren?

false

-Certificate<X509Certificate2>

Specifies the certificate to use for encrypted web communications. If you do not specify a certificate, web communications are not encrypted.


Aliasse

none

Erforderlich?

false

Position?

named

Standardwert

none

Pipelineeingaben akzeptieren?

True (ByValue, ByPropertyName)

Platzhalterzeichen akzeptieren?

false

-CMIntegrationMode

Indicates that all reports, except the Recovery Audit Report, are integrated into Microsoft System Center Konfigurations-Manager. If you enable the System Center Konfigurations-Manager Integration feature, specify this parameter.


Aliasse

CMMode

Erforderlich?

false

Position?

named

Standardwert

none

Pipelineeingaben akzeptieren?

false

Platzhalterzeichen akzeptieren?

false

-CompanyName<System.String>

Specifies the company name associated with the web application.


Aliasse

none

Erforderlich?

false

Position?

named

Standardwert

none

Pipelineeingaben akzeptieren?

true(ByPropertyName)

Platzhalterzeichen akzeptieren?

false

-ComplianceAndAuditDBConnectionString<String>

Specifies a connection string. The web application uses the string that this parameter specifies to connect to the Compliance and Audit Database feature. The connection string must contain values for the Integrated Security and Initial Catalog fields.

If you do not specify this parameter, the cmdlet uses the connection string that you previously specified for any enabled web application. All of the web applications connect to the Compliance and Audit Database by using the same connection string. If you specify connection strings more than once, web applications will use the most recent value.


Aliasse

ComplianceDB

Erforderlich?

false

Position?

named

Standardwert

none

Pipelineeingaben akzeptieren?

True (ByPropertyName)

Platzhalterzeichen akzeptieren?

false

-DataMigrationAccessGroup<System.String>

Specifies the domain user group that is authorized to migrate Recovery information to MBAM server.


Aliasse

DataMigrationGroup

Erforderlich?

false

Position?

named

Standardwert

none

Pipelineeingaben akzeptieren?

true(ByPropertyName)

Platzhalterzeichen akzeptieren?

false

-HelpdeskAccessGroup<String>

Specifies the domain user group that has permissions for the Manage TPM and Drive Recovery areas of the Administration and Monitoring Website web application.


Aliasse

HelpdeskGroup

Erforderlich?

true

Position?

named

Standardwert

none

Pipelineeingaben akzeptieren?

True (ByPropertyName)

Platzhalterzeichen akzeptieren?

false

-HelpdeskUrl<System.Uri>

Specifies the URL for the MBAM help desk site.


Aliasse

none

Erforderlich?

false

Position?

named

Standardwert

none

Pipelineeingaben akzeptieren?

true(ByPropertyName)

Platzhalterzeichen akzeptieren?

false

-HelpdeskUrlText<System.String>

Specifies the helpdesk link text that will be displayed on the self-service portal.


Aliasse

none

Erforderlich?

false

Position?

named

Standardwert

none

Pipelineeingaben akzeptieren?

true(ByPropertyName)

Platzhalterzeichen akzeptieren?

false

-HostName<String>

Specifies a host name. If you do not specify a host name, the cmdlet uses the fully qualified host name of the local computer. Ensure that you specify the same host name for all of the web applications.


Aliasse

none

Erforderlich?

false

Position?

named

Standardwert

none

Pipelineeingaben akzeptieren?

True (ByPropertyName)

Platzhalterzeichen akzeptieren?

false

-InstallationPath<String>

Specifies the installation path of the web application. The installation process creates a folder named Microsoft BitLocker Management Solution in location that this parameter specifies. If you do not specify a path, the cmdlet uses <IIS inetpub path>. Specify the same installation path for all of the web applications.


Aliasse

none

Erforderlich?

false

Position?

named

Standardwert

none

Pipelineeingaben akzeptieren?

True (ByPropertyName)

Platzhalterzeichen akzeptieren?

false

-NoticeTextPath<System.String>

Specifies the absolute path to the text file (.txt) that contains the notice text.


Aliasse

none

Erforderlich?

false

Position?

named

Standardwert

none

Pipelineeingaben akzeptieren?

true(ByPropertyName)

Platzhalterzeichen akzeptieren?

false

-Port<Int32>

Specifies the web service port. If you do not specify a port, unencrypted communications use port 80, and encrypted communications use port 443. You need to specify the same value for all of the web applications.

You must configure your firewall to allow communication through the ports for the Self-Service Portal and the Administration and Monitoring Website web applications.


Aliasse

none

Erforderlich?

false

Position?

named

Standardwert

none

Pipelineeingaben akzeptieren?

True (ByPropertyName)

Platzhalterzeichen akzeptieren?

false

-RecoveryDBConnectionString<String>

Specifies a connection string. The web application uses the string that this parameter specifies to connect to the Recovery Database. The connection string must contain values for the Integrated Security and Initial Catalog fields.

If you do not specify this parameter, the cmdlet uses the connection string that you previously specified for any enabled web application. All of the web applications connect to the Recovery Database by using the same connection string. If you specify connection strings more than once, web applications use the most recent value.


Aliasse

RecoveryDB

Erforderlich?

false

Position?

named

Standardwert

none

Pipelineeingaben akzeptieren?

True (ByPropertyName)

Platzhalterzeichen akzeptieren?

false

-ReportsReadOnlyAccessGroup<String>

Specifies a domain user group. Specify a group that has read permissions for the Reports area of the Administration and Monitoring Website web application. The value for this parameter must be the same as the group that you specify for the ReportsReadOnlyAccessGroup parameter in the Enable-MbamReport cmdlet.


Aliasse

ReportsGroup

Erforderlich?

true

Position?

named

Standardwert

none

Pipelineeingaben akzeptieren?

True (ByPropertyName)

Platzhalterzeichen akzeptieren?

false

-ReportUrl<Uri>

Specifies the URL for the reports that the Microsoft SQL Server Reporting Services instance publishes.


Aliasse

none

Erforderlich?

true

Position?

named

Standardwert

none

Pipelineeingaben akzeptieren?

True (ByPropertyName)

Platzhalterzeichen akzeptieren?

false

-SelfServicePortal

Indicates that this cmdlet acts on the Self-Service Portal web application.


Aliasse

none

Erforderlich?

true

Position?

named

Standardwert

none

Pipelineeingaben akzeptieren?

false

Platzhalterzeichen akzeptieren?

false

-SkipValidation

Indicates that this cmdlet bypasses validation of parameter values. If you specify this parameter, the feature may not function properly after you enable it.


Aliasse

none

Erforderlich?

false

Position?

named

Standardwert

none

Pipelineeingaben akzeptieren?

false

Platzhalterzeichen akzeptieren?

false

-TpmLockoutAutoReset

Indicates that Agent Services allows TPM lockout resets.


Aliasse

none

Erforderlich?

false

Position?

named

Standardwert

none

Pipelineeingaben akzeptieren?

true(ByPropertyName)

Platzhalterzeichen akzeptieren?

false

-VirtualDirectory<String>

Specifies a virtual directory for the web application. If you do not specify a virtual directory, the cmdlet uses the value HelpDesk for the Administration and Monitoring Website, or it uses the value self-service for the Self-Service Portal.


Aliasse

none

Erforderlich?

false

Position?

named

Standardwert

none

Pipelineeingaben akzeptieren?

false

Platzhalterzeichen akzeptieren?

false

-WebServiceApplicationPoolCredential<PSCredential>

Specifies the domain user that the application pool for the web applications uses. If you specified a domain user group for the AccessAccount parameter when you ran the Enable-MbamDatabase cmdlet, the domain user that you specify for this parameter must be a member of that group.

If you do not specify this parameter, the cmdlet uses the credentials that you previously specified for any enabled web application. All of the web applications use the same application pool credentials. If you specify credentials for web applications more than once, web applications use the most recent value.

Important: For improved security, use an account that has limited user rights. Also, configure the account so that the password never expires. Verify that the account that you specify for this parameter is a built-in IIS_IUSRS account or has been added to the Impersonate a client after authentication and Log on as a batch job local security settings. To view the local security setting, open the Local Security Policy editor, expand the Local Policies node, click the User Rights Assignment node, and then double-click the Impersonate a client after authentication and Log on as a batch job policies in the right pane.


Aliasse

AppPoolCred

Erforderlich?

false

Position?

named

Standardwert

none

Pipelineeingaben akzeptieren?

True (ByPropertyName)

Platzhalterzeichen akzeptieren?

false

<CommonParameters>

Dieses Cmdlet unterstützt die allgemeinen Parameter: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, -OutVariable. Weitere Informationen finden Sie unter about_CommonParameters (http://go.microsoft.com/fwlink/p/?LinkID=113216).

Eingaben

Der Eingabetyp ist der Typ der Objekte, die über die Pipeline an das Cmdlet übergeben werden können.

Ausgaben

Der Ausgabetyp ist der Typ der Objekte, die vom Cmdlet ausgegeben werden.

Beispiele

Example 1: Enable Administration and Monitoring Website

This command enables the Administration and Monitoring Website web application on the current server. The portal uses the Compliance and Audit Database and the Recovery Database on ContosoDatabaseServer, and it uses the reports on ContosoReportsServer.


PS C:\> Enable-MbamWebApplication -AdministrationPortal -ComplianceAndAuditDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Compliance Status" -RecoveryDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Recovery and Hardware" -AdvancedHelpdeskAccessGroup "Contoso\AdvancedUserGroup" -HelpdeskAccessGroup "Contoso\StandardUserGroup" -ReportsReadOnlyAccessGroup "Contoso\ReportUserGroup" -ReportUrl "https://ContosoReportsServer/ReportServer" -Port 443 -WebServiceApplicationPoolCredential (Get-Credential) -Certificate (dir cert:\LocalComputer\My\E2A7EA5533890D6567E40DFC46F53B3D31D6B689)

Example 2: Enable Self-Service Portal

This command enables the Self-Service Portal web application on the current server. The Self-Service Portal uses the Compliance and Audit Database and the Recovery Database on ContosoDatabaseServer.


PS C:\> Enable-MbamWebApplication -SelfServicePortal -ComplianceAndAuditDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Compliance Status" -RecoveryDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Recovery and Hardware" -Port 443 -WebServiceApplicationPoolCredential (Get-Credential) -Certificate (dir cert:\LocalComputer\My\E2A7EA5533890D6567E40DFC46F53B3D31D6B689) 

Example 3: Enable Agent Services

This command enables the Agent Services feature on the current server. The services use the Compliance and Audit Database and the Recovery Database on ContosoDatabaseServer.


PS C:\> Enable-MbamWebApplication -AgentService -ComplianceAndAuditDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Compliance Status" -RecoveryDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Recovery and Hardware" -Port 443 -WebServiceApplicationPoolCredential (Get-Credential) -Certificate (dir cert:\LocalComputer\My\E2A7EA5533890D6567E40DFC46F53B3D31D6B689) 

Example 4: Enable Administration and Monitoring Website for a mirrored environment

This command enables the Administration and Monitoring Website web application, and it configures web applications to use a mirrored Microsoft SQL Server environment. The connection strings specify a failover partner.


PS C:\> Enable-MbamWebApplication -AdministrationPortal -ComplianceAndAuditDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Failover Partner=ContosoMirror;Initial Catalog=MBAM Compliance Status" -RecoveryDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Failover Partner=ContosoMirror;Initial Catalog=MBAM Recovery and Hardware" -AdvancedHelpdeskAccessGroup "Contoso\AdvancedUserGroup" -HelpdeskAccessGroup "Contoso\StandardUserGroup" -ReportsReadOnlyAccessGroup "Contoso\ReportUserGroup" -ReportUrl "https://ContosoReportsServer/ReportServer" -Port 443 -WebServiceApplicationPoolCredential (Get-Credential) -Certificate (dir cert:\LocalComputer\My\E2A7EA5533890D6567E40DFC46F53B3D31D6B689)

Example 5: Enable the Self-Service Portal for a mirrored environment

This command enables the Self-Service Portal on the current server, and it configures web applications to use a mirrored SQL Server environment. The connection strings specify a failover partner.


PS C:\> Enable-MbamWebApplication -SelfServicePortal -ComplianceAndAuditDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Failover Partner=ContosoMirror;Initial Catalog=MBAM Compliance Status" -RecoveryDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Failover Partner=ContosoMirror;Initial Catalog=MBAM Recovery and Hardware" -Port 443 -WebServiceApplicationPoolCredential (Get-Credential) -Certificate (dir cert:\LocalComputer\My\E2A7EA5533890D6567E40DFC46F53B3D31D6B689) 

Verwandte Themen

Anzeigen: