MBAM Console

    General discussion

  • The MBAM console is just a website. I don't like sequencing URL's because I find it clutters up the users desktop with shortcuts that could just as easily be a favorite in their browser. However I had the idea to sequence this and I like the ease of managing access to the console this way.

    Step 1 - Sequence the Application

    Choose all defaults in the App-V Sequencing Wizard until you get to the window prompting you to provide a Package name. Name the package accordingly e.g. Microsoft MBAM 1.1. Take note of the Primary Directory e.g. Q:\Microsoft MBAM 1.1.

    Choose Perform a custom installation. Click Next.

    Don't install anything.

    Check the box to indicate the install has been completed once you have successfully installed the application.

    You should choose to customize the application further. You need to add a shortcut for the MBAM Console here. I ensured my shorcut was pointing to "C:\Program Files (x86)\Internet Explorer\explore.exe" "http://<YOUR URL TO THE MBAM CONSOLE>" I then changed the icon from the default Internet Explorer to point to the Bitlocker shortcut icon. "C:\Windows\System32\BitLockerWizard.exe"

    I did not launch the application for optimization. I chose not to do this because it authenticates and is just a link and should be relatively quick launching.

    When complete you may select File-->SaveAs

    Save the application to the relevant path (what you set in the Deployment tab)

    Step 3 - Application Complete

    You can now deploy the application now. And this is where I feel the benefit of using App-V comes in. This console is for managing the recovery and applying security measures for encrypting users hard drives and as such access should be restricted. With MBAM this is restricted via groups as follows:

    So as you can see above you can restrict access with great granularity. When deploying the MBAM console with App-V can deploy to the same AD Groups you give access to on the MBAM server itself. It's also very easy to remove the shortcut again as you just remove the user from the AD Group and it should disappear the next time to the client refreshes.

    I hope this is helpful for somebody!


    Tuesday, October 9, 2012 5:18 AM