MBAM BitLocker Enhanced PINs allow letters and numbers only
I have pushed MBAM settings via GPO and have had success with everything except the enhanced PIN requirement. All machines the policy applies to in our environment are running Windows 7 Enterprise x64, they all have the same policies applied to them and all exhibit the same issues. Hopefully I have just missed something simple. Below are the settings being pushed by group policy. The PIN settings work correctly when used in conjunction with the built-in "BitLocker Drive Encryption" found in the control panel letters, numbers, and special characters are allowed like the BitLocker settings suggest, a number of users had encrypted their drives with this before MBAM came along but now that the MBAM client and settings have been pushed these users are receiving a prompt to change their PINs, screenshots below. As the last screenshot shows only letters and numbers are available, most of our users have special characters in their PINs and I would like to allow them to continue to use them. My question is, should users be able to use special characters in conjunction with MBAM or is that not an option like it was with the built-in "BitLocker Drive Encryption"? Another issue of perhaps greater concern is when a user changes thier PIN using the built-in "BitLocker Drive Encryption" in the control panel MBAM seems to lose the ability to change the PIN and the prompts in the SS above become useless. MBAM will continue to prompt the user and will go through like the PIN change was successful but will never set the PIN, I found that turning BitLocker off, removing the encryption, and then encrypting it with MBAM resolves the issue but that isn't a solution and I don't want to have to tell my users to do that. Thanks for any help you can provide.
April 9th, 2012 3:18pm

Hi, Could you please refer to the following websites for reference: http://onlinehelp.microsoft.com/en-us/mdop/hh285640.aspx http://onlinehelp.microsoft.com/en-us/mdop/hh285664.aspx Thanks. Kevin NiPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
April 12th, 2012 5:59am

Hi, Could you please refer to the following websites for reference: http://onlinehelp.microsoft.com/en-us/mdop/hh285640.aspx http://onlinehelp.microsoft.com/en-us/mdop/hh285664.aspx Thanks. Kevin NiPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
April 12th, 2012 5:59am

I have the same question as Kelruze and neither of those URLs really tell/give a good answer. So is it possible to use special characters? My hardware vendows tpm system allows it so why doesn't MBAM.
Free Windows Admin Tool Kit Click here and download it now
May 18th, 2012 3:58pm

I have the same question as Kelruze and neither of those URLs really tell/give a good answer. So is it possible to use special characters? My hardware vendows tpm system allows it so why doesn't MBAM.
May 18th, 2012 4:04pm

Sorry about the delayed response, according to Microsoft the documentation is wrong and the current MBAM client only supports letters and numbers, I was told that special characters might be added in future versions. The spam requiring the user to change the PIN but not allowing the users to change the PIN is caused when the drive is encrypted by the built-in BitLocker drive encryption, to resolve this turn off BitLocker and decrypt the drive. Encrypt the drive using MBAM located in C:\Program Files\Microsoft\MDOP MBAM\MBAMClientUI.exe or wait to be prompted for encryption. After which you will want to apply a GPO to hide the built-in BitLocker Drive Encryption option in the control panel because performing any management through it will break the MBAM client. Hope this helps, let me know if there are any more questions.Kelruze
Free Windows Admin Tool Kit Click here and download it now
May 21st, 2012 12:40pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics