In my previous post has details on how to configure the BitLocker. This post will see how to Install and Configure BitLocker Portals.
Prerequisites for BitLocker Portals
To use a self-service portal or administration and monitoring websites, need to a have Windows server Running IIS.
Microsoft ASP.Net MVC 4.0 is required to install on the same IIS server.
SysAdmin rights on SQL is required for the account used to run scripts to install a self-service portal.
Groups
Create these groups in Active Directory and the user account needs to be in one of the following groups.
BitLocker Help Desk Admins:- Provide access to all areas of the administration and monitoring website. We can help a user recover their drives, you can enter only the recovery key.
BitLocker Help Desk Users:- provide access to the Manage TPM and Drive Recovery areas of the administration and monitoring website. If a user is a member of both this group and the BitLocker Help Desk Admin, the admin group permissions override the user group permissions.
BitLocker Report Users:- Provide access to the Report area of the administration and monitoring website.
Install Portal
Below files are already available at Configmgr installation folder\cd.latest\SMSSetup\Bin\x64
Run the PowerShell command from the folder having the above files.
Once the command is executed can see the below entries.
Command:-.\MBAMWebSiteInstaller.ps1 -SqlServerName MEC-PS1SITE.mecmtechie.com -SqlDatabaseName CM_ps1 -ReportWebServiceUrl "http://MEC-PS1SITE.mecmtechie.com/ReportServer" -HelpdeskUsersGroupName "mecmtechie\BitLocker help desk users" -HelpdeskAdminsGroupName "mecmtechie\BitLocker help desk admins" -MbamReportUsersGroupName "mecmtechie\BitLocker report users" -SiteInstall Both
Access the Administration and monitoring portal URL http://mec-ps1site.mecmtechie.com/helpdesk/
Access the Self-services Portal URL http://mec-ps1site.mecmtechie.com/selfservice/
After installing the portal you can customize the portal.
Launch IIS application.
Goto Sites --> Default Website --> Self Service --> Application Setting
Company Name:- Organization name displays in the self-service portal.
Display Notice:- That the user has to acknowledge in the self-service portal.
HelpDesk Text:- Contact Information.
NoticeTextPath:- Notice that the user requires to acknowledge, by default on the webserver c:\inetpub\Microsoft BitLocker Management Solution\Self Service Website\Notice. txt
SQL queries:-
select * from RecoveryAndHardwareCore_Keys
select * from RecoveryAndHardwareCore_Machines
select * from MBAM_POLICY_DATA
select * from RecoveryAndHardwareCore_Machines_Users
select * from RecoveryAndHardwareCore_Machine_Types
select * from RecoveryAndHardwareCore_Machines_Volumes
select * from RecoveryAndHardwareCore_VolumeTypes
BitLocker Management Volume types
1 =OS Volume
2 =Fixed Data Volume
3 =Removable Volume
4 =Virtual Fixed Data Volume