Hi, we deployed Microsoft BitLocker Administration and Monitoring for testing. MBAM client is installed on a test system and MBAM GPOs are applied to a test system. How can I prompt the user to encrypt the drives with BitLocker? Thanks! Windows Server 2008 R2 Windows SQL Server 2008 R2 Windows 7 Ultimate

1st option: 1. Policies for MBAM on client: On Windows 7 client open registry HKLM\Software\Policies\Microsoft\FVE\MDOPBitLockerManagement Change the ClientWakeUpFrequency = 1 and StatusReportingFrequency=1 2. There is a random delay of up to 90 minutes when MBAM service starts on windows 7 client. If you don’t want random delay, then create a dword value “NoStartupDelay” under HKLM\Software\Microsoft\MBAM and set its value to 1. Restart the MBAM Client Service and then client will talk to server in 1 minute. If you hit this error on client, then follow the work around on this KB which I wrote 2612822 Computer Record is Rejected in MBAM http://support.microsoft.com/default.aspx?scid=kb;EN-US;2612822 MBAM Logs on client: Event Viewer -> Application and Services Logs -> Microsoft -> Windows -> MBAM If you have enabled Allow Hardware Compatability Check Policy then, To remove Hardware capability check delay do this: To do remove the timer: 1. HKLM\software\microsoft\MBAM\HWExemptionTimer 2. HKLM\software\microsoft\MBAM\HWExemptionType 3. Restart the MBAM agent: (BitLocker management client service) Or Change HKLM\software\microsoft\MBAM\HWExemptionType = 2 2nd Option: To pop-up MBAM client manually do this: On Windows 7 client machine, browse to c:\programfiles\microsoft\mdopmbam\ Double click on MBAMClientUI.exe and it will prompt a user to start the encryption.Manoj Sehgal

Hi, Did your issue solved? Please feel free to give me any update. Thanks. Regards, Leo Huang TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

to pop-up MBAM client manually works. but automatic pop-up doesn't work with any of the solution options after restarting the MBAM service.

Things to check: 1. The MBAM prompt will not be seen if you have taken a RDP session to the Win7 client machine. You will have to be on the console of the machine to see the prompt automatically. 2. Check MBAM logs on win7 client Event Viewer -> Application and Services Logs -> Microsoft -> Windows -> MBAM --> Admin If you see some errors let me know.Manoj Sehgal

Hi Korbinian, How’s everything going on? Did your problem solved by the suggestion of Manoj Sehgal? Please feel free to give any update here. Thank you for your understanding and cooperation. Regards, Leo Huang TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi, As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios. If the issue still persists, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish. BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts. Regards, Leo Huang TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi there, I have the same problem - all MBAM and GPO settings in place and all working correctly, but no auto start. Manual kick-off of encyption by running the suggested .exe works fine. I checked the logs like you say under: Event Viewer -> Application and Services Logs -> Microsoft -> Windows -> MBAM --> Admin and I have the following errors; Event ID: 11 The computer is exempted from encryption. Machine's hardware status: Unknown Could this be the cause? Regards, Mark

Computer is exempted from encryption Check HKCU\Software\Microsoft\MBAM and delete MBAM and then try again. Manoj Sehgal

Manoj, We've implemented MBAM and everything is working correctly. The pop up to notify the user to bitlock is also working but I would like to make the pop up appear more often as some of the users just continue to click POSTPONE. Is there a way to increase the pop up? Thanks, RayRay

Im also having trouble with the prompting. I install the wim image with WinPE. Then in runonce: I import registry settings (hklm/software/microsoft/mbam) and I overwrite the policies\microsoft\fde\ so I need TPMonly to start encryption. Then I install the client.msi and encryption starts. After reboot group policy sets TPMandPIN, but when log on with a user I dont get prompted to set pin. If I start clientui.exe then I get message "Your company have changed the bitlocker policy" then I can press next, type pin twice, and it succesfully finishes. If I press postpone and restarts I dont get the prompt again. Ive set all client delays to 1 minute. I dont get any error in eventvwr. If a user press postpone, what happens? does it make a runonce key or what?

Hi in the Event Viewer i can see the following: this computer is exempted from encryption computers won start the encryption automaticlly :( please HELP! , , . Best Regards, Ori Husyt -

Hi Booray, Try with the changes to the registry entries as proposed by Manoj. HKLM\Software\Policies\Microsoft\FVE\MDOPBitLockerManagement Change the ClientWakeUpFrequency = 1 and StatusReportingFrequency=1 I think this will reduce the frequency for the pop-up to come up more often. Please do reply if it worked.Gaurav Ranjan

Hi Ori, If you have enabled Allow Hardware Compatability Check Policy then Change HKLM\software\microsoft\MBAM\HWExemptionType = 2 So that MBAM agent can know the machine is non-exempted and can start the encryption. This has worked for me. I hope it will work for you as well. If it, then do a reply so that it will be helpful to other with the same issue. Gaurav Ranjan