Change MBAM Default Encryption Method from '128-bit with Diffuser' to '256-bit with Diffuser' in SCCM Deployment Task Sequence
Is there a way to change the default encryption method from '128-bit with Diffuser' to '256-bit with Diffuser'?
We have a requirement to have the 256-bit encryption being used as part of the SCCM Task Sequence using MBAM.
I had assumned that by adding the entry below to the AddMBAMRegEntries.reg file (as described in the article http://blogs.technet.com/b/deploymentguys/archive/2012/02/20/using-mbam-to-start-bitlocker-encryption-in-a-task-sequence.aspx) that
this would take effect but it doesn't seem to work:
"EncryptionMethod"=dword:00000002
Does anyone know if it is possible to do this using MBAM as part of a SCCM Task Sequence?Jonathan Conway | My blog: Conway's IT Blog | Twitter:
jonconwayuk | Linkedin:
Jonathan Conway
Jonathan Conway | MCITP: Enterprise Administrator MCP MCSE 2003 MCTS SCCM 2007, Windows 7 Config & Deploying VCP
April 13th, 2012 7:05am
I have managed to resolve this myself.
In the Task Sequence (just before the Enable Bitlocker task) add a Command Line TS item that runs the following command:
reg add HKLM\SOFTWARE\Policies\Microsoft\FVE /v EncryptionMethod /t REG_DWORD /d 2 /f
This isn't the same location as the other values added under 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM' but the MBAM client still recognises the value and encrypts the drive using 256-bit with Diffuser regardless.Jonathan Conway | My blog: Conway's IT Blog | Twitter:
jonconwayuk | Linkedin:
Jonathan Conway
Jonathan Conway | MCITP: Enterprise Administrator MCP MCSE 2003 MCTS SCCM 2007, Windows 7 Config & Deploying VCP
Free Windows Admin Tool Kit Click here and download it now
April 13th, 2012 9:49am
Hi,
Im glad to hear your issue has been resolved. Hope your experience will help other community members facing similar problems.
Regards,
Leo Huang
TechNet Subscriber Support
If you are
TechNet Subscription user and have any feedback on our support quality, please send your feedback
here.Leo Huang
TechNet Community Support
April 15th, 2012 9:46pm