Microsoft BitLocker Administration and Monitoring
Connector name |
|
Connector type | Executable |
Type (UI field value) | BitLocker Administration and Monitoring |
Connector status / support | Bravura Security-Verified This connector has been tested and is fully supported by Bravura Security. |
Installation / setup | Bravura Security Fabric can also list users and provide a method to obtain a challenge response for BitLocker HDD Encryption using the |
The following Bravura Security Fabric operations are supported by this connector (depending on your product license and version):
get server information
Challenge-response - generate an unlock code to recover control of a machine after reboot
List:
accounts
For a full list and explanation of each connector operation, see connector operations.
Notes on challenge-response operation
For the challenge response operation, the challenge input field is used to identify which computer the user is trying to retrieve a recovery key for. Users enter the on screen code from their Bitlocker-encrypted machine into Bravura Security Fabric 's Unlock encrypted systems/accounts module, which returns the code they enter to unlock the machine.
The process for agtmbam is:
End user accesses Bravura Pass and choose Unlock encrypted systems/accounts then chooses Bitlocker.
The "Recovery Key ID" must be obtained from the affected device from the Bitlocker Recovery screen.
That "Recovery Key ID" is provided as input to the Unlock encrypted systems/accounts module in Bravura Pass as the challenge code.
The
agtmbamconnector gets the "Recovery Key" from the MBAM target system then returns it to the user.
See Self Service Anywhere: Encrypted systems accounts for more information.
Preparation
Bravura Security Fabric uses a designated database account on Microsoft BitLocker Administration and Monitoring database to perform Bravura Security Fabric operations.
Create an account with appropriate permissions if one does not already exist.
The target system administrator must have the "Select" permission and the "ReadRole" on the MBAM Recovery and Hardware database.
Targeting the Microsoft BitLocker Administration and Monitoring system
For each Microsoft BitLocker Administration and Monitoring system, add a target system in Bravura Security Fabric (Manage the System > Resources > Target systems):
Type is Microsoft BitLocker Administration and Monitoring .
Address uses the following options:
Database server name The name or IP address of the backing database server used by the Microsoft BitLocker Administration and Monitoring.
(key: dbserver)
ODBC Driver Select:
SQL Server Native Client 9 - for SQL Server 2005
SQL Server Native Client 10.0 - for SQL Server 2008
SQL Server Native Client 11.0 - for SQL Server 2012/2014
ODBC Driver 11 for SQL Server - for SQL Server
(key: driver)
Filter users without any volume permissions A flag used to filter users if they do not have discovery key managed by MBAM server.
(key: filterUsers)
The address is entered as follows:
{dbserver=<MBAM database server>[;driver=<driver>;][filterUsers=false;]}
The full list of target parameters is explained in Target System Options .
Handling account attributes
You can view the complete list of attributes that Bravura Security Fabric can manage, including native and pseudo-attributes, using the Manage the system (PSA) module. To do this, select Microsoft BitLocker Administration and Monitoring from the Manage the system > Resources > Account attributes > Target system type menu.
For information about the native Microsoft BitLocker Administration and Monitoring attributes managed by Bravura Security Fabric , consult your Microsoft BitLocker Administration and Monitoring documentation.