SCCM Admins guide to preparing your environment for Bitlocker Drive Encryption – part 3

In part 1 and Part 2, I talked about the requirements for Bitlocker and walked you through how to extend your Active Directory Schema if you run Windows Server 2003 SP1/SP2 Windows Server 2003 R2 domain controllers. We then sat the permission so that a Windows 7 machine was able to write its own TPM owner password to Active Directory. Today we are going to put the configuration made in part 1 and 2 to the test and enable bitlocker on a Windows 7 machine. Then we are going to install the Bitlocker Recovery Password Viewer for Active Directory tool [...]

By | 2017-08-22T13:10:32+00:00 June 9th, 2011|Security, Service Manager (SCSM)|6 Comments

SCCM Admins guide to preparing your environment for Bitlocker Drive Encryption – part 2

In part 1, I talked about the requirements for Bitlocker and showed you how to extend your Active Directory Schema if you run Windows Server 2003 SP1/SP2 Windows Server 2003 R2 domain controllers. We then sat the permission so that a Windows 7 machine was able to write its own TPM owner password to Active Directory. Today I am going to walk you through how to configure the Group Policy settings for Bitlocker which is required, in order to enable the backup of the Bitlocker recovery password and the TPM owner password, to Active Directory. You will need either a [...]

Config Mgr. – Error creating query in a folder

Permissions required to create and modify a query in Configuration Manager is: Read Create Modify However if you have configured folders in the Query object you might end up with this error. The error message states that you don’t have permissions to create the query – but that’s not true. The query is created just not in the folder you expected. Instead the query is created in the root of the Query object. To fix this you need to assign Manage Folder permissions to the Query object. Then it works as expected.

By | 2009-04-07T13:38:41+00:00 April 7th, 2009|Security|0 Comments

Configuration Manager 2007 – Defining the service/helpdesk role

Defining permissions requires configuring access rights in the Config Mgr. console and adding objects to predefined groups on the site server. In this example I am defining permissions to the service desk role. Role description: Access to a user defined administrator console. Permissions to work with all objects in the “All workstations” collection. Permissions to to use remote tools. Permissions to read inventory data from the console and from reports. Permissions to read software packages and advertisements Permissions to read status messages. Permissions to create and read queries. To solve this case I have granted these Config Mgr. permissions: Object [...]

By | 2009-04-07T12:19:22+00:00 April 7th, 2009|Security|1 Comment