MBAM - Self Service Portal

karthik palani 986 Reputation points
2020-12-23T08:20:36.997+00:00

Hi All,

I have a standalone MBAM 2.5 SP1 server; the web application and clients are getting encrypted perfectly fine. I need some clarification on whether the below is normal.

I tried the below scenario from the end-user perspective:

  1. Create test IDs user1 and user2 (or test with available IDs)
  2. Log on to a test laptop using USER1 and encrypt it
  3. Now USER2 logs on to the same laptop and decrypts and encrypts the laptop again
  4. Wait for some time, then log on to the self-service portal with USER1 and USER2. Both can get the recovery ID

As per my understanding, only the latest user ID should have access and the other should not. Please advise whether this is normal.


Accepted answer
  1. AliceYang-MSFT 2,071 Reputation points
    2020-12-24T10:46:40.57+00:00

    Hi,

    I tested this scenario too but without MBAM because I don't have one.

    1. Create user1 and user2
    2. Log on with user1 and turn BitLocker on, save the recovery key file
    3. Log on with user2, decrypt the volume (turn BitLocker off), then turn it on again to encrypt it, save the recovery key file
    4. Compare the two recovery key files

    Conclusion: Each encryption will generate a new recovery key. Recovery IDs are also different.

    So I think it's normal that user1 and user2 both have a recovery ID in their self-service portal.

    But during my test, I found that when I log on with user2, I can see the files and folders of user1 when I choose to save a file. The files and folders were created on user1's desktop. I cannot see them on user2's desktop, so I cannot try whether I can open them, but they did appear when choosing where to put newly created files.

    So if two users use the same computer, they may both have access to some data on the PC. This might be a risk.

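The comparison in step 4 of the answer above can be scripted. This is an added example, not part of the original thread: it checks which saved recovery key file carries the identifier of the recovery password protector currently on the volume. The function names are hypothetical, the file layout is assumed, and every identifier and key shown is constructed.

```powershell
# Added example; function names are hypothetical and all IDs/keys below are constructed.
function Get-SavedRecoveryId {
    param([Parameter(Mandatory)][string]$Text)
    # Assumption: the first GUID in a saved recovery key file is its identifier.
    $m = [regex]::Match($Text, '[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}')
    if (-not $m.Success) { throw 'No recovery key identifier found.' }
    $m.Value.ToUpperInvariant()
}

function Test-RecoveryKeyCurrent {
    param(
        [Parameter(Mandatory)][string]$Text,
        [Parameter(Mandatory)][string[]]$ActiveProtectorId
    )
    $saved = Get-SavedRecoveryId -Text $Text
    # KeyProtectorId values are reported wrapped in braces: {GUID}
    $active = @($ActiveProtectorId | ForEach-Object { ($_ -replace '[{}]', '').ToUpperInvariant() })
    [pscustomobject]@{ RecoveryId = $saved; MatchesVolume = ($active -contains $saved) }
}

# Constructed stand-ins for the two saved files (real ones: Get-Content -Raw <path>).
$user1File = @'
BitLocker Drive Encryption recovery key

Identifier:

    11111111-AAAA-4AAA-8AAA-111111111111

Recovery Key:

    000000-000000-000000-000000-000000-000000-000000-000000
'@
$user2File = $user1File -replace '11111111-AAAA-4AAA-8AAA-111111111111',
                                 '22222222-BBBB-4BBB-8BBB-222222222222'

# Constructed stand-in for the volume's current protector after user2 re-encrypted.
# On a live machine (elevated):
#   (Get-BitLockerVolume -MountPoint 'C:').KeyProtector |
#       Where-Object KeyProtectorType -eq 'RecoveryPassword' |
#       Select-Object -ExpandProperty KeyProtectorId
$activeIds = @('{22222222-BBBB-4BBB-8BBB-222222222222}')

foreach ($f in @{ user1 = $user1File; user2 = $user2File }.GetEnumerator()) {
    $r = Test-RecoveryKeyCurrent -Text $f.Value -ActiveProtectorId $activeIds
    '{0}: {1} matches current volume = {2}' -f $f.Key, $r.RecoveryId, $r.MatchesVolume
}
```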

