locked
MBAM Howto remove Popups RRS feed

  • Question

  • Hello Group!

    I would like to remove all MBAM Client Popups so the user does not see any of them:

    

    We are not using a PIN, just the TPM, so the user does not have to create a PIN.

    How can we do that?

    Thanks,

    Andre Dube


    • Edited by Andre Dube Monday, September 15, 2014 7:50 PM
    Monday, September 15, 2014 7:48 PM

Answers

  • Here is what I did to get rid of the MBAM Client Popups using SCCM:

    Do the following using scripts with reboot between each of them:

    1- Activate the TPM Chip in the BIOS

    2- Prepare the Partition 
    bdehdcfg -target default -size 600 -restart

    3- Turn TPM on and take ownership 
    manage-bde -tpm -t
    manage-bde -tpm -takeownership AnyPasswordHere

    4- Turn Bitlocker On
    manage-bde -on c: -recoverypassword

    5- Install the MBAM Client

    Thank you Gaurav and Lionel for helping to brainstorm on the solution!

    Cheers!


    Andre Dube http://blog.andredube.com

    • Marked as answer by Andre Dube Tuesday, September 23, 2014 2:08 PM
    Tuesday, September 23, 2014 2:08 PM

All replies

  • Hello,

    With MBAM 2.5 if you set the grace period to 0 days and encrypt with the TPM protector only, normally no popup appeared for the end user.

    Regards,


    Follow me on Twitter http://www.twitter.com/liontux | My Blog (French/English) : http://security.sakuranohana.fr/

    Tuesday, September 16, 2014 7:23 AM
  • Bonjour Lionel,

    Thank you for the Reply,

    I already did set the grace period to 0.

    It does take care of one popup, but the other ones to reboot (Partition and TPM reboots)

    are still seen by the users.

    Merci!

    Wednesday, September 17, 2014 1:55 PM
  • You need to set the status of the TPM to "ON and ownership has not been taken" before starting the encryption. On Dell machines you can use CCTK tool to do so. Doing so will not prompt you to restart the machine to turn ON the TPM.

    Gaurav Ranjan

    Monday, September 22, 2014 7:56 AM
  • If you are using MBAM 2.0 use the Powershell Script which I have created days back to automate the encryption.


    Gaurav Ranjan

    Monday, September 22, 2014 8:02 AM
  • Hi Gaurav,

    I'll give it a try.

    Thanks.


    Andre Dube http://blog.andredube.com

    • Marked as answer by Andre Dube Tuesday, September 23, 2014 2:05 PM
    • Unmarked as answer by Andre Dube Tuesday, September 23, 2014 2:08 PM
    Monday, September 22, 2014 10:10 AM
  • Here is what I did to get rid of the MBAM Client Popups using SCCM:

    Do the following using scripts with reboot between each of them:

    1- Activate the TPM Chip in the BIOS

    2- Prepare the Partition 
    bdehdcfg -target default -size 600 -restart

    3- Turn TPM on and take ownership 
    manage-bde -tpm -t
    manage-bde -tpm -takeownership AnyPasswordHere

    4- Turn Bitlocker On
    manage-bde -on c: -recoverypassword

    5- Install the MBAM Client

    Thank you Gaurav and Lionel for helping to brainstorm on the solution!

    Cheers!


    Andre Dube http://blog.andredube.com

    • Marked as answer by Andre Dube Tuesday, September 23, 2014 2:08 PM
    Tuesday, September 23, 2014 2:08 PM