Evaluating MBAM 2.0
Before deploying Microsoft BitLocker Administration and Monitoring (MBAM) into a production environment, you should evaluate it in a test environment. The information in this topic can be used to set up Microsoft BitLocker Administration and Monitoring with a Stand-alone topology in a single-server test environment for evaluation purposes only. A single-server topology is not recommended for production environments.
For instructions on deploying MBAM in a test environment, see How to Install and Configure MBAM on a Single Server.
Setting up the Test Environment
Even though you are setting up a non-production instance of MBAM to evaluate in a test environment, you should still verify that you have met the prerequisites and hardware and software requirements. Before you start the installation, see MBAM 2.0 Deployment Prerequisites, MBAM 2.0 Supported Configurations, and Preparing your Environment for MBAM 2.0.
Plan for an MBAM Evaluation Deployment
| Task | References | Notes | |
|---|---|---|---|
 |
Review the Getting Started information about MBAM to gain a basic understanding of the product before beginning deployment planning. |
||
|
Plan for MBAM 2.0 Deployment Prerequisites and prepare your computing environment. |
||
|
Plan for and configure MBAM Group Policy requirements. |
||
|
Plan for and create necessary Active Directory Domain Services security groups, and plan for MBAM local security group membership requirements. |
||
|
Plan for deploying MBAM Server feature deployment. |
||
|
Plan for deploying MBAM Client deployment. |
Perform an MBAM Evaluation Deployment
After completing the necessary planning and software prerequisite installations to prepare your computing environment for the MBAM installation, you can begin the MBAM evaluation deployment.
|
Review the MBAM supported configurations information to make sure that selected client and server computers are supported for MBAM feature installation. |
||
|
Run MBAM Setup to deploy MBAM Server features on a single server for evaluation purposes. |
||
|
Add Active Directory Domain Services security groups, that you created during the planning phase, to the appropriate local MBAM Server feature local groups on the new MBAM Server. |
Planning for MBAM 2.0 Administrator Roles and How to Manage MBAM Administrator Roles |
|
|
Create and deploy required MBAM Group Policy Objects. |
||
|
Deploy the MBAM Client software. |
Configure Lab Computers for MBAM Evaluation
This section contains information that can be used to speed up the MBAM Client status reporting. However, these modifications should be used for testing purposes only.
Note The information in following section describes how to modify the Windows registry. Using Registry Editor incorrectly can cause serious problems that may require you to reinstall Windows. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.
Modify MBAM Client Status Reporting Frequency Settings
The MBAM Client wakeup and status reporting frequencies have a minimum value of 90 minutes when they are set using Group Policy. You can use the Windows registry to change these frequencies to a lower value on MBAM client computers to help speed up testing.
To modify the MBAM Client status reporting frequency settings:
Use a registry editor to navigate to HKLM\Software\Policies\Microsoft\FVE\MDOPBitLockerManagement.
Change the values for ClientWakeupFrequency and StatusReportingFrequency to 1 as the minimum client-supported value. This change causes the MBAM Client to report every minute.
Restart BitLocker Management Client Service.
Note To set values that are this low, you must set them in the registry manually.
Modify MBAM Client Service Startup Delay
In addition to the MBAM Client wakeup and status reporting frequencies, there is a random delay of up to 90 minutes when the MBAM Client agent service starts on client computers. If you do not want the random delay, create a DWORD value of NoStartupDelay under HKLM\Software\Microsoft\MBAM, set its value to 1, and then restart BitLocker Management Client Service.