How to skip the MBAM client password page for fixed drives
Regardless of what password policy i set in the MBAM group policies, if i require encryption for fixed drives (Partition D for example), the mbam wizard allways asks me to set a password for it, even though i set the fixed drive password policy to
"not require" and "auto unlock". i can even go into the bitlocker applet in control panel and remove the password after encryption starts.
How can i encrypt both C: and D: without asking for a password for D?
January 2nd, 2012 10:04am
Hi,
I think password is necessary when encrypting the hard drive via Bitlocker for security. I cannot find a method to encrypt the hard drive without setting password.
Best Practices for BitLocker in Windows 7
http://technet.microsoft.com/en-us/library/dd875532(WS.10).aspx
Niki
TechNet Subscriber Support
in forum
If you have any feedback on our support, please contact
tngfb@microsoft.com
Niki Han
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
January 3rd, 2012 4:50am
In MBAM by design, it is mandatory to supply a password for fixed drives.
You can encrypt, OS drive automatically by using TPM only, so that we don't prompt the user for a PIN.
Configure the MBAM GPOs for TPM only.
Manoj Sehgal
January 3rd, 2012 10:26am
I have the exact same problem! But you can avoid using a password in another way:
Set the following policy to "disabled"
Computer Configuration > Administrative Templates > Windows Components > MDOP
MBAM > BitLocker Management > Fixed Drive > Configure use of passwords for fixed data drives
You can now encrypt the fixed drive through
BitLocker Drive Encryption in the Control Panel without using a password. You just have to tick the
Automatically unlock this drive on this computer checkbox manually.
The “funny” thing is that the description for the above policy is says "If you disable this policy setting, the user is not allowed to use a password.".
Why does this work for the build-in Bitlocker Setup and not for the MBAM Client UI witch the policy is made to?!
I'm going through the last tests before deploying MBAM to 300 clients, but this last thing that I need to solve. The deployment needs to be as automated as possible.
Anyone who knows how to get the MBAM Client UI to accept the policy i mentioned above?
Free Windows Admin Tool Kit Click here and download it now
January 5th, 2012 7:36am
Hi,
I am currently standing by for an update from you and would like to know how things are going. If you have any feedback, please let us know.
Niki
TechNet Subscriber Support
If you are
TechNet Subscription user and have any
feedback on our support quality, please send your feedback here.
Niki Han
TechNet Community Support
January 6th, 2012 3:21am
As I said earlier, MBAM by design, requires a password to be entered for fixed data drives.
If you do not use MBAM, original bitlocker will allow you to encrypt the drives using auto-unlock.
Also if you do this, MBAM complaince reports will not report your fixed drives as encrypted since MBAM requires password as a protector.
One thing you can do is:
For deployment, you can use auto-unlock with orginal bitlocker GPOs.
Once done enable MBAM GPO, which will only prompt the user to supply a password for data drives.
In this way you accomplish your goal for deployment and also get correct MBAM reporting for your data drives.
Manoj Sehgal
Free Windows Admin Tool Kit Click here and download it now
January 6th, 2012 2:08pm
Hi,
As this thread has been quiet for a while, I assume the issue has been resolved. At this time, we will mark it as "Answered" as the previous steps should
be helpful for many similar scenarios. If the issue still persists, please feel free to
reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.
BTW,
we'd love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.
Niki
TechNet Subscriber Support
If you are
TechNet Subscription
user and have any feedback on our support quality, please send your feedback
here.
Niki Han
TechNet Community Support
January 8th, 2012 8:47pm
Hi,
MBAM agent requires password for fixed data drive by design. If you set the policy "Configure use of passwords for fixed data drives" to disabled, MBAM agent will refuse to
encrypt fixed data drive. In this case, MBAM eventlog registers the following error: 0x8031006a,
"policy settings don't allow password creation" !
Free Windows Admin Tool Kit Click here and download it now
May 29th, 2012 3:04am
Hi,
Just a question about this fixed drive password, in what type of situation I can have to enter this password ?
Thanks
June 25th, 2012 6:16am