Todd's Blog

Todd's Tips for System Adminstrators

  • TechDays
  • Speaking Engagements
  • Contact Me
  • About Me

Connect

  • LinkedIn

Powered by Genesis

Using Transparent Data Encryption in SQL Server 2008 For MBAM

posted on May 22, 2012

If you want to install Microsoft Bitlocker Administration and Monitoring (MBAM), then you will need to encrypt the SQL database that houses the keys for bitlocker.

You will need at least the Enterprise version of SQL Server 2008 (I used R2, but 2008 SP2 should also work).

The command to enter in a SQL Query tool is
use master
go

create Master key
encryption by password = 'PasswordHere'

This will allow MBAM to continue and install provided you met the other requirements.

In another post, I will cover off recovering the MBAM database and building a disaster recovery plan for MBAM.

 


Filed Under: Technology Tagged With: BitLocker, MBAM, Microsoft Bitlocker Administration and Monitoring, SQL Server 2008

Bitlocker Administration and Monitoring Registry Edit

posted on September 8, 2011

I have been in the pilot stages of a Bitlocker Administration and Monitoring (MBAM) implementation here at the school board. For my pilot, I am using a single server implementation. Now, in real life to implement MBAM you should be using a three server or five server implementation. I pinged @StephenLRose asking what the difference would be between three and five and the response was basically around where you would want the roles hosted and not about scalability. Size wise, 25,000 clients is what each MBAM implementation can handle.

So my pilot was to check out the implemenation guide, see how it works for encrypting the drive. The issue I did have so far was clients not checking in with the MBAM Server. What I found was a registry hack that needed to be done. The hack is this (from the TechNet forums):

Add a registry key on MBAM server under HKLM\Software\Microsoft
Create a new key called MBAM and then create a new Dword 32-bit value called DisableMachineVerification and set to 1

After you do this, on client restart the MBAM client service and then this issue should be resolved.

I performed that step and I was off to the races. The computer checked in to MBAM and then prompted me to encrypt the drive.  Another next step is to provide some automation for our imaging process.

Filed Under: Technology Tagged With: BitLocker, MBAM, Microsoft Bitlocker Administration and Monitoring

Recent Posts

  • Office 365 – Creating Custom SKUs
  • Setting a Default Printer in Windows 10
  • Deploying Windows to the Correct Drive in Configuration Manager
  • Surface Pro 4, Surface Dock and DVI Problems
  • Enabling UEV in Windows 10 1607

Recent Comments

  • Moore Details on Setting up a Delayed Charge in Quickbooks Online
  • MCP Exam Training on Using PowerShell to Get a List of Groups from Active Directory
  • Kac on Setting up an Office 2010 KMS Host Server
  • prabumedia.com | Pilih lisensi MAK atau MKS untuk aktifasi produk Microsoft ? on Setting up a KMS Server
  • prabumedia.com | Pilih lisensi MAK atau MKS untuk aktifasi produk Microsoft ? on Setting up an Office 2010 KMS Host Server

Archives

Categories

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org