In my previous post has details on how to configure the BitLocker. This post will see how to Install and Configure BitLocker Portals.

Prerequisites for BitLocker Portals

• To use a self-service portal or administration and monitoring websites, need to a have Windows server Running IIS.

• Microsoft ASP.Net MVC 4.0 is required to install on the same IIS server.

• SysAdmin rights on SQL is required for the account used to run scripts to install a self-service portal.

Groups

Create these groups in Active Directory and the user account needs to be in one of the following groups.

• BitLocker Help Desk Admins:- Provide access to all areas of the administration and monitoring website. We can help a user recover their drives, you can enter only the recovery key.

• BitLocker Help Desk Users:- provide access to the Manage TPM and Drive Recovery areas of the administration and monitoring website. If a user is a member of both this group and the BitLocker Help Desk Admin, the admin group permissions override the user group permissions.

• BitLocker Report Users:- Provide access to the Report area of the administration and monitoring website.

Install Portal

• Below files are already available at Configmgr installation folder\cd.latest\SMSSetup\Bin\x64

• Run the PowerShell command from the folder having the above files.

• Once the command is executed can see the below entries.

Command:-.\MBAMWebSiteInstaller.ps1 -SqlServerName MEC-PS1SITE.mecmtechie.com -SqlDatabaseName CM_ps1 -ReportWebServiceUrl "http://MEC-PS1SITE.mecmtechie.com/ReportServer" -HelpdeskUsersGroupName "mecmtechie\BitLocker help desk users" -HelpdeskAdminsGroupName "mecmtechie\BitLocker help desk admins" -MbamReportUsersGroupName "mecmtechie\BitLocker report users" -SiteInstall Both

• Access the Administration and monitoring portal URL http://mec-ps1site.mecmtechie.com/helpdesk/

• Access the Self-services Portal URL http://mec-ps1site.mecmtechie.com/selfservice/

After installing the portal you can customize the portal.

• Launch IIS application.

• Goto Sites --> Default Website --> Self Service --> Application Setting

1. Company Name:- Organization name displays in the self-service portal.

2. Display Notice:- That the user has to acknowledge in the self-service portal.

3. HelpDesk Text:- Contact Information.

4. NoticeTextPath:- Notice that the user requires to acknowledge, by default on the webserver c:\inetpub\Microsoft BitLocker Management Solution\Self Service Website\Notice. txt

SQL queries:-

• select * from RecoveryAndHardwareCore_Keys

• select * from RecoveryAndHardwareCore_Machines

• select * from MBAM_POLICY_DATA

• select * from RecoveryAndHardwareCore_Machines_Users

• select * from RecoveryAndHardwareCore_Machine_Types

• select * from RecoveryAndHardwareCore_Machines_Volumes

• select * from RecoveryAndHardwareCore_VolumeTypes

BitLocker Management Volume types

• 1 =OS Volume

• 2 =Fixed Data Volume

• 3 =Removable Volume

• 4 =Virtual Fixed Data Volume