(MBAM) Bitlocker - Single Use Recovery Keys while User is Offline?
Hello, we are thinking about deploying MBAM with single-use recovery keys. The question we would like to be clear on beforehand is: if the user who had to recover his notebook is offline and didn't see the MBAM server, will the key be changed as well? What recovery key can be used if the notebook has to be recovered a second time without having access to MBAM in between? Is the old recovery key still enabled, or is there a need for worldwide users to come in or connect using VPN or similar to exchange the recovery key? Any suggestion would be great. Kind regards, benedikt
Have a look at: http://www.scapaot.de
November 12th, 2011 6:59am

If the notebook has encrypted and reported to the MBAM server, the key will be stored. After using the one-time key, the notebook MUST report to the server so that the recovery key (one-time key) is replaced. The recovery key is a one-time key. The users would either need to use VPN or otherwise connect to the network. http://www.microsoft.com/download/en/details.aspx?id=27555 has the white papers, including the administrator's guide and best practices. Feel free to ask if you're unsure about something.
November 12th, 2011 8:01am

What recovery key can be used if one is needed before the notebook reports back to the server that the key has been used? To say it the other way round: will the local recovery key be changed after usage, and afterwards the MBAM client will try to submit the key to the server? Or will the key be changed after the client has made the connection to the server? If the first one is the way it is done, then there is a possibility of data loss. No one will have access to the notebook anymore if the key is needed before the server is seen again... So, in my opinion, the documentation isn't clear enough on that point.
Have a look at: http://www.scapaot.de
November 12th, 2011 8:24am

What recovery key can be used if one is needed before the notebook reports back to the server that the key has been used? To say it the other way round: will the local recovery key be changed after usage, and afterwards the MBAM client will try to submit the key to the server?
Answer: The single-use recovery key will only change the recovery key ID and recovery password if the Win7 agent can talk to the MBAM server.
Or will the key be changed after the client has made the connection to the server? If the first one is the way it is done, then there is a possibility of data loss. No one will have access to the notebook anymore if the key is needed before the server is seen again... So, in my opinion, the documentation isn't clear enough on that point.
Answer: Suppose the help desk gives the recovery key to the user and the computer never connects to your network again; then the recovery ID and 48-digit recovery password are not changed. They will only change the next time the MBAM agent talks to the MBAM server, which is at the next client wake-up frequency. I hope this helps.
Manoj Sehgal
November 12th, 2011 9:55am
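The answer above describes the behaviour (the recovery key ID and 48-digit password are only replaced once the agent reaches the MBAM server) but gives no way to confirm it on a given machine. The following PowerShell script is an added example, not code from the thread or from the MBAM product: it records the recovery-password protector IDs that manage-bde reports for a volume, and compares them with a baseline taken before the recovery, so you can see whether the single-use key has actually rotated yet. It records only the protector IDs, never the 48-digit password. The MBAM client service name "MBAMAgent" and the baseline file path are assumptions; run it in an elevated PowerShell on the client.

```powershell
# Added example (not from the thread): snapshot BitLocker recovery-password protector IDs
# so you can verify whether the MBAM single-use recovery key was replaced after the
# agent next talked to the server. Only protector IDs are stored; the password is not.
# Assumptions: elevated PowerShell on the client, manage-bde.exe available (Windows 7+),
# MBAM client service name "MBAMAgent", baseline path chosen arbitrarily.
param(
    [string]$Volume = 'C:',
    [string]$BaselinePath = "$env:ProgramData\mbam-recovery-id-baseline.txt",
    [switch]$UpdateBaseline
)

function Get-RecoveryProtectorId {
    param([string]$Drive)
    $output = & manage-bde.exe -protectors -get $Drive 2>&1
    if ($LASTEXITCODE -ne 0) { throw "manage-bde failed for ${Drive}: $($output -join ' ')" }

    # manage-bde prints each protector as a heading ("Numerical Password:", "TPM:", ...)
    # followed by an indented "ID: {GUID}" line. Capture only the numerical-password IDs.
    $ids = @()
    $expectId = $false
    foreach ($line in $output) {
        if ("$line" -match '^\s*Numerical Password:\s*$') { $expectId = $true; continue }
        if ($expectId -and "$line" -match '^\s*ID:\s*\{?([0-9A-Fa-f-]{36})\}?') {
            $ids += $Matches[1].ToUpperInvariant()
            $expectId = $false
        }
    }
    return $ids
}

$current = @(Get-RecoveryProtectorId -Drive $Volume)
if ($current.Count -eq 0) { Write-Warning "No numerical-password protector found on $Volume"; exit 1 }
Write-Host "Current recovery key ID(s) on ${Volume}: $($current -join ', ')"

# If the MBAM client service is not running, no check-in (and no key replacement) can happen.
$svc = Get-Service -Name 'MBAMAgent' -ErrorAction SilentlyContinue   # service name is an assumption
if ($svc) { Write-Host "MBAM client service state: $($svc.Status)" }
else      { Write-Warning "MBAM client service 'MBAMAgent' not found on this machine" }

if (Test-Path $BaselinePath) {
    $baseline = @(Get-Content $BaselinePath | Where-Object { $_ })
    $new = @($current | Where-Object { $baseline -notcontains $_ })
    if ($new.Count -gt 0) {
        Write-Host "Recovery key rotated: new ID(s) $($new -join ', ') replaced $($baseline -join ', ')"
    } else {
        Write-Host 'Recovery key ID unchanged since baseline: the single-use key has not been replaced yet.'
        Write-Host 'The agent must reach the MBAM server (on site or over VPN) before a new key is escrowed.'
    }
} else {
    Write-Host "No baseline at $BaselinePath; record one with -UpdateBaseline before a recovery."
}

if ($UpdateBaseline) {
    Set-Content -Path $BaselinePath -Value $current
    Write-Host "Baseline written to $BaselinePath"
}
```

Run it once with -UpdateBaseline before handing out a recovery password, then again after the recovery: if the ID is still the one in the baseline, the machine is in the state the answer describes (old key still valid, nothing escrowed yet), and it needs network access to the MBAM server before the help desk can expect a fresh key.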

Thank you.
Have a look at: http://www.scapaot.de
November 12th, 2011 10:01am
