Sorry for just responding to this, it got lost in my inbox. Yes you can use MBAM to encrypt without a TPM. So long as you are doing this to existing machines, its not hard to setup at all. Just get the gpo settings in place to tell it where the mbam server is, and what encryption settings you want. I advise setting the new "grace period" setting to "0" (new to MBAM 2.5) to force the users to encrypt.
Then just deploy the mbam client to your machines. It will install and the next time it checks in, (you can force this by setting a registry key) http://technet.microsoft.com/en-us/library/jj571532.aspx It will prompt the user to encrypt, and ensure they have a removable drive inserted. The recovery keys will be backed up in the database. I am not sure the exact steps required to replace a lost usb drive, although I believe it's just copying the key package that MBAM generates when you access the recovery key over to a new usb drive. Be careful if you are using Bitlocker-to-Go, as if the usb drive with the startup key gets encrypted you won't be able to boot. I will ask, how old is the hardware that you are working with? Or are these "consumer" machines? Let me know if you have any further questions. From: [email protected] [mailto:[email protected]] On Behalf Of Johns, Damon (DoJ) Sent: Wednesday, October 08, 2014 16:41 To: [email protected] Subject: [mssms] RE: MBAM and computers without TMP's Hi Guys, hope you can answer this one quickly. Can you store Bitlocker keys in MBAM when using Bitlocker on computers without TPM's? You can still enable it (which I have done via GP on one of these PC's without any MBAM) and you are prompted to store the key on an external key drive. Everything works as expected in that you need to present that key upon start up for the computer to boot. Just looking to securely store these startup boot keys and the bitlocker recovery keys in MBAM and perhaps automate the Bitlocker encryption process using MBAM - possible? Has anyone done this particular type of implementation? Cheers Damon ________________________________ CONFIDENTIALITY NOTICE AND DISCLAIMER The information in this transmission may be confidential and/or protected by legal professional privilege, and is intended only for the person or persons to whom it is addressed. If you are not such a person, you are warned that any disclosure, copying or dissemination of the information is unauthorised. If you have received the transmission in error, please immediately contact this office by telephone, fax or email, to inform us of the error and to enable arrangements to be made for the destruction of the transmission, or its return at our cost. No liability is accepted for any unauthorised use of the information contained in this transmission.
