However in MEMCM 2103 this all changed after supportcase it turned out that using the script (and I would assume GPO) creates extra policies and drastically impact performance.
When MBAM was integrated into MEMCM many of us still used the same script / solution to enable BitLocker during OS deployment as the WebService/DB tables used by MBAM was basically just added to Configuration Manager. The script then escrowed the recovery key and if present the TPM Password Hash to the MBAM Webservice and all was well. To enable BitLocker during OSD when using MBAM Standalone we used the script “Invoke-MbamClientDeployment.ps1” after first installing the MBAM client during OSD. Where the latest addition is support for Enhanced HTTP and CMG to escrow the recovery key which is awesome! MBAM was integrated in Configuration Manager and first released in 1910 and has been improved in every release after that. – Protection against accidental deletion of AD computer object (Separate DB) I have always liked Microsoft BitLocker Administration and Monitoring(MABM) as it provides us with additional functionality compared to saving the BitLocker recovery key in Active Directory.
0 kommentar(er)
