Dela via

How to Edit MBAM 1.0 GPO Settings

  • Artikel

Gäller för: Microsoft BitLocker Administration and Monitoring 1.0

To successfully deploy Microsoft BitLocker Administration and Monitoring (MBAM), you must first determine the Group Policies that you will use in your implementation of Microsoft BitLocker Administration and Monitoring. For more information about the various available policies, see Planning for MBAM 1.0 Group Policy Requirements. After you have determined the policies that you are going to use, you then must modify one or more Group Policy Objects (GPO) that include the MBAM policy settings.

The following steps describe how to configure the basic, recommended Group Policy object (GPO) settings to enable MBAM to manage BitLocker encryption for your organization’s client computers.

To edit the MBAM Client GPO settings

  1. On a computer that has MBAM Group Policy template installed, make sure that MBAM services are enabled.

  2. Use the Group Policy Management Console (GPMC.msc) or the Advanced Group Policy Management (AGPM) MDOP product for these actions: Select Computer configuration, choose Policies, click Administrative Templates, select Windows Components, and then click MDOP MBAM (BitLocker Management).

  3. Edit the Group Policy Object settings that are required to enable MBAM Client services on client computers. For each policy in the table that follows, select Policy Group, click the Policy, and then configure the Setting.

    Policy Group Policy Setting

    Client Management

              </p>
        </td>
        <td rowspan="1">
          <p>Configure MBAM Services</p>
        </td>
        <td rowspan="1">
          <p>Enabled. Set <strong>MBAM Recovery and Hardware service endpoint</strong> and <strong>Select BitLocker recovery information to store</strong>.</p>
          <p>Set <strong>MBAM compliance service endpoint</strong> and <strong>Enter status report frequency in (minutes)</strong>.</p>
        </td>
      </tr>
      <tr>
        <td>
          <p>Allow hardware compatibility checking</p>
        </td>
        <td>
          <p>Disabled. This policy is enabled by default, but is not needed for a basic MBAM implementation.</p>
        </td>
      </tr>
      <tr>
        <td>
          <p>Operating System Drive</p>
        </td>
        <td>
          <p>Operating system drive encryption settings</p>
        </td>
        <td>
          <p>Enabled. Set <strong>Select protector for operating system drive</strong>. This is required to save operating system drive data to the MBAM Key Recovery server.</p>
        </td>
      </tr>
      <tr>
        <td rowspan="1">
          <p>Removable Drive</p>
        </td>
        <td rowspan="1">
          <p>Control Use of BitLocker on removable drives</p>
        </td>
        <td rowspan="1">
          <p>Enabled. This is required if MBAM will save removable drive data to the MBAM Key Recovery server.</p>
          <p>

          </p>
        </td>
      </tr>
      <tr>
        <td>
          <p>Fixed Drive</p>
        </td>
        <td>
          <p>Control Use of BitLocker on fixed drives</p>
        </td>
        <td>
          <p>Enabled. This is required if MBAM will save fixed drive data to the MBAM Key Recovery server.</p>
          <p>Set <strong>Choose how BitLocker-protected drives can be recovered</strong> and <strong>Allow data recovery agent</strong>.</p>
        </td>
      </tr>
    </table>

    Viktigt

    Depending on the policies that your organization decides to deploy, you may have to configure additional policies. See Planning for MBAM 1.0 Group Policy Requirements for Group Policy configuration details for all of the available MBAM GPO policy options.

    Se även

    Ytterligare resurser

    Deploying MBAM 1.0 Group Policy Objects

    -----
    You can learn more about MDOP in the TechNet Library, search for troubleshooting on the TechNet Wiki, or follow us on Facebook or Twitter.
    -----