Bitlocker administration and monitoring (MBAM) and clients that are already encrypted
We are looking to roll out Windows 7 with Bitlocker enabled soon. We just recently found out about MBAM and are looking into it but we probably will not hold up the Windows 7 rollout for it. The question is, how does MBAM work with Windows 7 clients that are already encrypted with Bitlocker? Will it pick the fact that it has been encrypted and just try to enforce whatever policies we have in place or will it fail?
August 19th, 2011 9:25pm

I have the same question. I have MBAM installed as well as Windows 7 Bitlocker clients that were pre-existing. The compliance report is currently showing that my clients are Non-Compliant. Why is this???
Free Windows Admin Tool Kit Click here and download it now
September 15th, 2011 10:56pm

MBAM agent installed on windows 7 client will push the recovery keys to MBAM SQL database. Reports will show compliance status based on GPO configured for MBAM. If your volume is encrypted with bitlocker, but MBAM GPO are not configured the your machine status will be non-compliant. To get a compliant machine status, you need to enable GPO for MBAM under operating system drive to enabled. Hope this helps. -ManojManoj Sehgal
September 17th, 2011 7:30am

Hi Manoj, Thanks for the response. I have Group Policy configured...is not correct?
Free Windows Admin Tool Kit Click here and download it now
September 17th, 2011 8:07pm

The GPO which have configured will back up recovery information in AD and not MBAM. For MBAM GPO see the link below. http://onlinehelp.microsoft.com/pt-br/mdop/hh285640.aspx Hope this helps. Manoj (MSFT)Manoj Sehgal
September 22nd, 2011 12:37am

Assuming all your bitlocker GPO settings are the same now as they were before there is no issues. I have personally deployed this exactly scenario to +4000 machines (previously Bitlockered with similar settings) with no snags once I get the client to check in. I am still working through the last of the automatic compliance enforncement issues. From your settings you will have recovery information in 2 (AD & HW and Recovery) locations.
Free Windows Admin Tool Kit Click here and download it now
March 19th, 2012 1:17am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics