top of page

Install and Configure BitLocker Portals with MECM

In my previous post has details on how to configure the BitLocker. This post will see how to Install and Configure BitLocker Portals.

Prerequisites for BitLocker Portals

  • To use a self-service portal or administration and monitoring websites, need to a have Windows server Running IIS.

  • Microsoft ASP.Net MVC 4.0 is required to install on the same IIS server.

  • SysAdmin rights on SQL is required for the account used to run scripts to install a self-service portal.


Create these groups in Active Directory and the user account needs to be in one of the following groups.

  • BitLocker Help Desk Admins:- Provide access to all areas of the administration and monitoring website. We can help a user recover their drives, you can enter only the recovery key.

  • BitLocker Help Desk Users:- provide access to the Manage TPM and Drive Recovery areas of the administration and monitoring website. If a user is a member of both this group and the BitLocker Help Desk Admin, the admin group permissions override the user group permissions.

  • BitLocker Report Users:- Provide access to the Report area of the administration and monitoring website.

Install Portal

  • Below files are already available at Configmgr installation folder\cd.latest\SMSSetup\Bin\x64

  • Run the PowerShell command from the folder having the above files.

  • Once the command is executed can see the below entries.

Command:-.\MBAMWebSiteInstaller.ps1 -SqlServerName -SqlDatabaseName CM_ps1 -ReportWebServiceUrl "" -HelpdeskUsersGroupName "mecmtechie\BitLocker help desk users" -HelpdeskAdminsGroupName "mecmtechie\BitLocker help desk admins" -MbamReportUsersGroupName "mecmtechie\BitLocker report users" -SiteInstall Both

  • Access the Self-services Portal URL

After installing the portal you can customize the portal.

  • Launch IIS application.

  • Goto Sites --> Default Website --> Self Service --> Application Setting

  1. Company Name:- Organization name displays in the self-service portal.

  2. Display Notice:- That the user has to acknowledge in the self-service portal.

  3. HelpDesk Text:- Contact Information.

  4. NoticeTextPath:- Notice that the user requires to acknowledge, by default on the webserver c:\inetpub\Microsoft BitLocker Management Solution\Self Service Website\Notice. txt

SQL queries:-

  • select * from RecoveryAndHardwareCore_Keys

  • select * from RecoveryAndHardwareCore_Machines

  • select * from MBAM_POLICY_DATA

  • select * from RecoveryAndHardwareCore_Machines_Users

  • select * from RecoveryAndHardwareCore_Machine_Types

  • select * from RecoveryAndHardwareCore_Machines_Volumes

  • select * from RecoveryAndHardwareCore_VolumeTypes

BitLocker Management Volume types

  • 1 =OS Volume

  • 2 =Fixed Data Volume

  • 3 =Removable Volume

  • 4 =Virtual Fixed Data Volume

2,781 views0 comments

Recent Posts

See All


bottom of page