How to Manage MBAM Administrator Roles

Platí pro: Microsoft BitLocker Administration and Monitoring 1.0

After Ochrana koncového bodu Microsoft BitLocker (MBAM) Setup is complete for all server features, administrative users must be granted access to these server features. As a best practice, administrators who will manage or use MBAM server features, should be assigned to Active Directory security groups and then those groups should be added to the appropriate MBAM administrative local group.

To manage MBAM Administrator Role memberships

1. Assign administrative users to security groups in Active Directory Domain Services.

2. Add Active Directory Domain Services security groups to the roles for MBAM administrative local groups on the Správa a monitorování Microsoft BitLocker server for the respective features. The user roles are as follows:

   • MBAM System Administrators have access to all Správa a monitorování Microsoft BitLocker features in the MBAM administration website.

   • MBAM Hardware Users have access to the Hardware Compatibility features in the MBAM administration website.

   • MBAM Helpdesk Users have access to the Manage TPM and Drive Recovery options in the MBAM administration website, but must fill in all fields when they use either option.

   • MBAM Report Users have access to the Compliance and Audit reports in the MBAM administration website.

   • MBAM Advanced Helpdesk Uses have access to the Manage TPM and Drive Recovery options in the MBAM administration website. These users are not required to fill in all fields when they use either option.

   For more information about roles for Správa a monitorování Microsoft BitLocker, see Planning for MBAM 1.0 Administrator Roles.

Viz také

Další zdroje

Administering MBAM 1.0 Features

-----
You can learn more about MDOP in the TechNet Library, search for troubleshooting on the TechNet Wiki, or follow us on Facebook or Twitter.
-----