BitLocker management – Part 4 Force encryption with no user action
13.7 هزار بار بازدید -
5 سال پیش
-
Note: The workaround used in
Note: The workaround used in this video is for Configuration Manager version 1910 only. This workaround is not needed in later versions.
In this video I show you how to create a Configuration Baseline in Configuration Manager 1910 containing a Configuration Item, which sets 2 registry keys that allow the MBAM client to automatically begin encrypting the computer without user interaction. These registry keys are needed in Configuration Manager 1910 to enforce BitLocker encryption silently. You will most likely not need these registry settings for newer versions of Configuration Manager, but in 1910, you need it (or you need to set the equivalent MDOP GPO's).
Note: Not shown in this video, but make sure you deploy these registry keys BEFORE deploying the MBAM policy to the computers in question.
Below are the key path and key names I used in the video:
SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement
OsEnforcePolicyPeriod
compliance rule = 0
SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement
UseOsEnforcePolicy
compliance rule = 1
And here is a link to the GPO setting documentation:
https://docs.microsoft.com/en-us/micr...
If you'd like to learn more about MBAM in Configuration Manager, see here:
https://www.niallbrady.com/2019/11/13...
In this video I show you how to create a Configuration Baseline in Configuration Manager 1910 containing a Configuration Item, which sets 2 registry keys that allow the MBAM client to automatically begin encrypting the computer without user interaction. These registry keys are needed in Configuration Manager 1910 to enforce BitLocker encryption silently. You will most likely not need these registry settings for newer versions of Configuration Manager, but in 1910, you need it (or you need to set the equivalent MDOP GPO's).
Note: Not shown in this video, but make sure you deploy these registry keys BEFORE deploying the MBAM policy to the computers in question.
Below are the key path and key names I used in the video:
SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement
OsEnforcePolicyPeriod
compliance rule = 0
SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement
UseOsEnforcePolicy
compliance rule = 1
And here is a link to the GPO setting documentation:
https://docs.microsoft.com/en-us/micr...
If you'd like to learn more about MBAM in Configuration Manager, see here:
https://www.niallbrady.com/2019/11/13...
5 سال پیش
در تاریخ 1398/09/26 منتشر شده
است.
13,761
بـار بازدید شده