Evaluating MBAM 2.5 in a Test Environment

This topic describes how you can set up a test environment to evaluate Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 in the Stand-alone or System Center Configuration Manager Integration topology.

Evaluating MBAM 2.5 by using the Stand-alone topology

To evaluate MBAM by using the Stand-alone topology, use the information in the following tables to install the MBAM Server software, and then configure the MBAM Server features in your test environment.

To evaluate MBAM 2.5 by using the Stand-alone topology

  1. Before installing MBAM, do the following:

    Task Where to get instructions

    Ensure that you have installed all of the prerequisite software.

    MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies

    Check the required hardware, RAM, and other specifications.

    MBAM 2.5 Supported Configurations

    Review the prerequisites for using Windows PowerShell if you plan to use the cmdlets to configure MBAM.

    Configuring MBAM 2.5 Server Features by Using Windows PowerShell

  2. Install the MBAM Server software, and then configure the features you want.

    Task Where to get instructions

    Install the MBAM Server software on each server where you want to configure an MBAM Server feature.

    Installing the MBAM 2.5 Server Software

    Configure the Compliance and Audit Database and the Recovery Database.

    How to Configure the MBAM 2.5 Databases

    Configure the Reports feature.

    How to Configure the MBAM 2.5 Reports

    Configure the web applications.

    How to Configure the MBAM 2.5 Web Applications

  3. On a client computer, do the following:

    1. Install the MBAM Client on a client computer.

    2. Apply the MBAM Group Policy Objects (GPOs) to the computer.

    3. Set the following registry keys to force the MBAM Client to wake up faster and at regular intervals:

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement
      "ClientWakeupFrequency"=dword:00000001
      "StatusReportingFrequency"=dword:00000001
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM] 
      "NoStartupDelay"=dword:00000001
      

      Note
      Because these keys wake up the MBAM Client every minute, we recommend that you use these registry key settings only in a test environment.

    4. Restart the BitLocker Management Client Service.

Evaluating MBAM 2.5 by using the System Center 2012 Configuration Manager Integration topology

To evaluate MBAM by using the Configuration Manager Integration topology, use the information in the following tables to install the MBAM Server software, and then configure the MBAM Server features in your test environment. After installing the MBAM Client on a client computer, you will complete additional steps to force the MBAM Client to report the computer’s status to MBAM more quickly.

To evaluate MBAM 2.5 by using the System Center 2012 Configuration Manager Integration topology

  1. Before installing MBAM, review the prerequisite software and supported configuration.

    Task Where to get instructions

    Ensure that you have installed all of the prerequisite software.

    MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies

    MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology

    Check the required hardware, RAM, and other specifications.

    MBAM 2.5 Supported Configurations

    Review the prerequisites for using Windows PowerShell if you plan to use the cmdlets to configure MBAM.

    Configuring MBAM 2.5 Server Features by Using Windows PowerShell

    Create or edit the .mof files.

    Edit the Configuration.mof File

    Create or Edit the Sms_def.mof File

  2. Install the MBAM Server software, and then configure the features you want.

    Task Where to get instructions

    Install the MBAM Server software on each server where you want to configure an MBAM Server feature.

    Note

    You can install the databases to a remote SQL Server computer by using Windows PowerShell or an exported data-tier application (DAC) package. For more information about DAC packages, see Data-tier Applications.

    Installing the MBAM 2.5 Server Software

    Configure the Compliance and Audit Database and the Recovery Database.

    How to Configure the MBAM 2.5 Databases

    Configure the Reports feature.

    How to Configure the MBAM 2.5 Reports

    Configure the web applications.

    How to Configure the MBAM 2.5 Web Applications

    Configure the System Center Configuration Manager to install the Configuration Manager objects.

    How to Configure the MBAM 2.5 System Center Configuration Manager Integration

  3. On a client computer, do the following:

    1. Install the MBAM Client and the Configuration Manager Client on a client computer.

    2. Apply the MBAM Group Policy Objects to the computer.

    3. Set the following registry keys to force the MBAM Client to wake up faster and at regular intervals:

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement
      "ClientWakeupFrequency"=dword:00000001
      "StatusReportingFrequency"=dword:00000001
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM] 
      "NoStartupDelay"=dword:00000001
      

      Note
      Because these keys wake up the MBAM Client every minute, we recommend that you use these registry key settings only in a test environment.

    4. Restart the BitLocker Management Client Service.

    5. In Control Panel, open Configuration Manager, and then click the Actions tab.

    6. Select Machine Policy Retrieval & Evaluation Cycle, and then click Run Now to apply the Group Policy Objects that are relevant to that client computer.

    7. Select Hardware Inventory Cycle, and then click Run Now. This step runs the hardware inventory by using the new classes that you imported to your .mof files, and then sends the data to the Configuration Manager server.

  4. In the Configuration Manager console, do the following:

    1. In the navigation pane, right-click MBAM Supported Computers, click Update Membership, and then click Yes to force the client computer to report its membership immediately.

    2. In the navigation pane, click MBAM Supported Computers to verify that the client computer appears in the collection.

  5. On the client computer, in Control Panel, reopen Configuration Manager again, and do the following:

    1. Click the Actions tab, and then rerun Machine Policy Retrieval & Evaluation Cycle.

    2. Click the Configurations tab, select the BitLocker baseline, and then click Evaluate.

  6. In the Configuration Manager console, verify that the client computer appears on the Enterprise Compliance Report: as follows:

    1. In the navigation pane, select the Monitoring workspace.

    2. In the console tree, expand Overview > Reporting > Reports > MBAM.

    3. Select the folder that represents the language in which you want to view reports, and then select the report in the results pane.

Evaluating MBAM 2.5 by using the System Center Configuration Manager 2007 Integration topology

To evaluate MBAM by using the Configuration Manager Integration topology, follow the same steps to install and configure MBAM in your test environment as you use in a production environment. After installing the MBAM Client on a client computer, complete the additional steps in this topic to enable the MBAM Client to start reporting the computer’s status to MBAM more quickly.

To evaluate MBAM by using the Configuration Manager 2007 Integration topology

  1. Before you install MBAM, do the following:

    Task Where to get instructions

    Ensure that you have installed all of the prerequisite software.

    MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies

    MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology

    Check the required hardware, RAM, and other specifications.

    MBAM 2.5 Supported Configurations

    Create or edit the .mof files.

    Edit the Configuration.mof File

    Create or Edit the Sms_def.mof File

  2. Install the MBAM Server software, and then configure the features you want.

    Task Where to get instructions

    Install the MBAM Server software on each server where you want to configure an MBAM Server feature.

    Note

    You can install the databases to a remote SQL Server computer by using Windows PowerShell or an exported data-tier application (DAC) package. For more information about DAC packages, see Data-tier Applications.

    Installing the MBAM 2.5 Server Software

    Configure the Compliance and Audit Database and the Recovery Database.

    How to Configure the MBAM 2.5 Databases

    Configure the Reports feature.

    How to Configure the MBAM 2.5 Reports

    Configure the web applications.

    How to Configure the MBAM 2.5 Web Applications

    Configure the System Center Configuration Manager to install the Configuration Manager objects.

    How to Configure the MBAM 2.5 System Center Configuration Manager Integration

  3. On a client computer, do the following:

    1. Install the MBAM Client on a client computer.

    2. Apply the MBAM Group Policy Objects to the computer.

    3. Set the following registry keys to force the MBAM Client to wake up more quickly and at faster intervals:

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement
      "ClientWakeupFrequency"=dword:00000001
      "StatusReportingFrequency"=dword:00000001
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM] 
      "NoStartupDelay"=dword:00000001
      

      Note
      Because these keys wake up the MBAM Client every minute, we recommend that you use these registry key settings only in an evaluation environment.

    4. Restart the BitLocker Management Client Service.

    5. In Control Panel, open Configuration Manager, and then click the Actions tab.

    6. Select Machine Policy Retrieval & Evaluation Cycle, and then click Run Now to apply the Group Policy Objects that are relevant to that client computer.

    7. Select Hardware Inventory Cycle, and then click Run Now. This step runs the hardware inventory by using the new classes that you imported to your .mof files and then sends the data to the Configuration Manager server.

  4. In the Configuration Manager console, do the following:

    1. In the navigation pane, right-click MBAM Supported Computers, click Update Membership, and then click Yes to force the client computer to report its membership immediately.

    2. In the navigation pane, click MBAM Supported Computers to verify that the client computer appears in the collection.

  5. On the client computer, in Control Panel, reopen Configuration Manager again, and do the following:

    1. Click the Actions tab, and then rerun Machine Policy Retrieval & Evaluation Cycle.

    2. Click the Configurations tab, select the BitLocker baseline, and click Evaluate.

  6. In the Configuration Manager console, verify that the client computer appears on the Enterprise Compliance Report, as follows

    1. In the navigation pane, expand Computer Management > Reporting > Reporting Services > <server name>MBAM.

    2. Within the MBAM node, select the folder that represents the language in which you want to view reports, and then select the report from the results pane.

Got a suggestion for MBAM? Add or vote on suggestions here. Got a MBAM issue? Use the MBAM TechNet Forum.

Getting Started with MBAM 2.5