In part 3 here of this MBAM 2.5 SP1 multi series guide,we have installed MBAM prerequisites for configuration manager 2012,changes to MOF file,inventory changes,MBAM collection etc.
In this part 4 ,we will see the main components of MBAM 2.5 SP1, which are database ,reports and web application.
Login to MBAM01 server with CM_SRV (MBAM_admin) account ,mount the MDOP 2015 ISO,browse to the MBAM 2.5 SP1 folder.
Image may be NSFW.
Clik here to view.
Run MBAMserversetup with default options Next,Next ,Next until the last screen.
Image may be NSFW.
Clik here to view.
Click on Add new features
Image may be NSFW.
Clik here to view.
we will first install database and reports and later will install web applications.
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.
Enter the SQL server Name (if you have installed locally or remote server)
I have used default instance (MSSQLSERVER) so I leave it blank, if you have named instance,please provide so.
Use the account you have created in AD for Database read and write
Image may be NSFW.
Clik here to view.
Recovery database:
Image may be NSFW.
Clik here to view.
Enter the reporting role domain group name (MBAM_HD_Reports_ and compliance audit domain account name (MBAM_DB_RO)
Image may be NSFW.
Clik here to view.
check the summary page if all set correctly or not.
Image may be NSFW.
Clik here to view.
If you have other servers where you want to install these components again and you don’t want follow all these steps ,you can export the powershell script ,change the components (like certificate ,account etc) and run the script on other server to make things easy.
Image may be NSFW.
Clik here to view.
With this,we have installed compliance database,recovery database .
Check if these databases created or not by openings SQL server management studio.
Image may be NSFW.
Clik here to view.
Also the account that have specified during the installation will get automatically added with required permissions.
Image may be NSFW.
Clik here to view.
Next ,we will install the web Applications
On the server ,from start menu ,search mbam ,open MBAM server Configuration to add the WebApplications
Image may be NSFW.
Clik here to view.
Click on Add new features
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.
As am not using any SSL now ,I will check do not use certificate
Enter the hostname,IIS path an d Port number ( if you have enabled the firewall ,you must allow the this port for website communication).
Image may be NSFW.
Clik here to view.
fill the details as shown below
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.
Enable TPM Lockout Autoreset is new feature in MBAM 2.5 SP1. On computers running TPM 1.2, you can now configure MBAM to automatically unlock the TPM in case of a lockout. If the TPM lockout auto reset feature is enabled, MBAM can detect that a user is locked out and then get the OwnerAuth password from the MBAM database to automatically unlock the TPM for the user.
This feature must be enabled on both the server side (enable as shown above) and in Group Policy on the client side (we will configure this later)
Image may be NSFW.
Clik here to view.
SQL Server reporting service URL : http://MBAM01.corp.eskonr.com/ReportServer If you are using SSL,use https.
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.
lets have a check on IIS server if these websites created or not.
From Run command,type inetmgr .
Image may be NSFW.
Clik here to view.
Right click on helpdesk ,choose manage applications –browse ,you will see the helpdesk webpage.
If you don’t see reports ,then you are not member of group ‘MBAM_HD_Reports’. Only user MBAM_report1 is member can can view reports.
To view below 2 options like Drive recovery and Manage TPM,user must be member of MBAM_HD_ADv group.To see only reports,user must be member of MBAM_HD_reports.
Image may be NSFW.
Clik here to view.
If user member of only MBAM_HD_Reports then can see only reports.
Image may be NSFW.
Clik here to view.
do the same for self-service portal
Image may be NSFW.
Clik here to view.
If you want to configure the selfservice portal to change the company name, display text etc ,you can go to IIS Server ,click on selfservice ,open application settings
Image may be NSFW.
Clik here to view.
With this,we have successfully installed the database,reports and web applications on our MBAM server.
In next part 5 of this multi series ,we will see how to configure the prerequisites (GPO’s etc) for Clients before we start doing computer bitlocker.