HCL Technologies Ltd.
GIT / Page No.: 7 of 7
Date of Release:5th Jun,2013
Version: 1.0

Company Restricted

Document Information

Published By
Document ID
Document Authors / Paras Jain
Document Owner / Amit Kumar Jain
Document Approver / Inder Pal Singh
Date of Release / 5th Jun 2013
Release Version / 1.0
Description of Change

Document Maintenance

Version No. / Date of Change / Section/Page / Description of Change

Distribution

Version / Date / Recipient / Role
Distribution Group (s) / Names

Data & Information Classification

Attribute or ‘Classification’ / Description / Risk Rating
Internal Use/ Restricted / Disclosure outside HCL could harm our interests. / AMBER: Medium

Table of Contents

1. Abbreviations/ Definitions

2. Objective

3. Process Overview

4. Scope

5. Input

6. Process Flow

7. Output

8. Roles and Responsibilities

9. References

10. Templates

1.  Abbreviations/ Definitions

·  MBAM – Microsoft BitLocker Administration & Monitoring

·  TPM – Trusted Platform Module

·  GPO – Group Policy Objects

·  AD – Active Directory

·  DC – Domain Controller

·  RDP – Remote Desktop Protocol

·  CMD – Command Prompt

·  UAC – User Access Control

·  GPMC – Group Policy Management Console

·  SCCM – System Center Configuration Manager

2.  Objective

The purpose of this document is to explain the simple process flow for encrypting the OS and fixed drives of a user's system via BitLocker, and for administering that encryption.

3.  Process Overview

Microsoft BitLocker Administration and Monitoring (MBAM) offers an enterprise solution for BitLocker provisioning, monitoring and key recovery. MBAM helps us simplify BitLocker provisioning and deployment, either independently or as part of our Windows migration. It also helps us improve BitLocker compliance and reporting and reduce support costs. MBAM provides a simplified administrative interface to BitLocker drive encryption: it allows us to select BitLocker encryption policy options appropriate to our enterprise, monitor client compliance with those policies, report on the encryption status of the enterprise as well as individual computers, and recover lost encryption keys. No additional cost is involved in deploying MBAM clients.

4.  Scope

This document will cover the process flow behind the deployment of BitLocker via MBAM or ADDS on HCL systems.

Process Area / HCLAPPS / HCL BSERV / HCL ISD / GEO
BitLocker Deployment / Yes / Yes / Yes / Yes

5.  Input

·  MBAM Client Binaries or MBAM SCCM Installation Package

·  MBAM/BitLocker GPOs pushed from DC

·  Target client machines

6.  Process Flow

STEP / DESCRIPTION / ROLE
MBAM Client Installation (automated via SCCM; manual if required) / §  Verify all prerequisites on the targeted client machines before installation.
§  Install the MBAM client appropriate to the OS on each targeted system. / The GIT SCCM Team will push the MBAM SCCM package via the SCCM server; the Local IT Team at each location carries out these activities if manual intervention is required.
MBAM/BitLocker GPO / §  To deploy Microsoft BitLocker Administration and Monitoring (MBAM) successfully, the necessary Group Policies have to be deployed via GPMC. / The GIT AD Team will apply these via GPMC installed on a DC.
Getting MBAM UI pop-up / §  Once everything is set as per the prerequisite guidelines, the client starts communicating with the MBAM IIS and database servers, and an MBAM UI pop-up to start or postpone drive encryption comes up automatically after a default period of 90 minutes following service restart. / This is an automated process.
Initiation of drive encryption / §  The end user starts BitLocker drive encryption via the MBAM UI by entering a PIN/password of his/her own choice. / The end user has to take this action if their machine has a TPM chip or has Win 8 installed.
Manual Initiation of Fixed Drive Encryption / §  The Local IT Support team needs to initiate BitLocker encryption manually on machines that have Win 7 Enterprise installed and no TPM available. / Local IT Support follows the Work Instruction document to enable BitLocker on fixed drives.
Troubleshooting / §  Some basic troubleshooting to be carried out. / Local IT Support
Administration / §  Recover encrypted drives in recovery mode.
§  Recover moved encrypted drives.
§  Recover corrupted drives.
§  Reset TPM lockout
§  Determine BitLocker Encryption State of lost computers by Using MBAM / IT Helpdesk/ASD Support
Reporting / §  Computer Compliance Report
§  Enterprise Compliance Report
§  Recovery Audit Report / GIT AD Team
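
As an added example (not part of the original document or its Work Instruction), the PowerShell function below sorts a client into the two encryption-initiation rows of the table above by checking OS version, TPM presence and current BitLocker protection status. The function name `Get-BitLockerDeploymentPath` and the output wording are assumptions; the WMI classes used are the standard Windows TPM and BitLocker providers.

```powershell
# Added example, not from the original document. The function name is hypothetical.
# Run from an elevated PowerShell session on the client (PowerShell 2.0 or later).
function Get-BitLockerDeploymentPath {
    $os  = Get-WmiObject -Class Win32_OperatingSystem
    $ver = [version]$os.Version          # 6.1 = Windows 7, 6.2+ = Windows 8 and later
    $isWin8OrLater = $ver -ge [version]'6.2'
    $isWin7        = ($ver.Major -eq 6 -and $ver.Minor -eq 1)

    # Win32_Tpm yields no instance when Windows sees no TPM.
    $tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -Class Win32_Tpm -ErrorAction SilentlyContinue
    $hasTpm = ($null -ne $tpm)

    # Per-volume state from the BitLocker WMI provider.
    # ProtectionStatus: 0 = off (includes suspended), 1 = on, 2 = unknown.
    $volumes = @(Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftVolumeEncryption' `
        -Class Win32_EncryptableVolume -ErrorAction SilentlyContinue |
        ForEach-Object {
            New-Object PSObject -Property @{
                Drive            = $_.DriveLetter
                ProtectionStatus = $_.GetProtectionStatus().ProtectionStatus
            }
        })
    $pending = @($volumes | Where-Object { $_.ProtectionStatus -ne 1 })

    # Routing mirrors the ROLE column of the process-flow table.
    if ($volumes.Count -gt 0 -and $pending.Count -eq 0) {
        $path = 'Already protected: no initiation step needed'
    } elseif ($hasTpm -or $isWin8OrLater) {
        $path = 'End user starts encryption from the MBAM UI pop-up'
    } elseif ($isWin7) {
        $path = 'Local IT Support initiates encryption manually (Work Instruction document)'
    } else {
        $path = 'Not covered by the process flow: review manually'
    }

    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME
        OS       = $os.Caption
        HasTpm   = $hasTpm
        Volumes  = $volumes
        Path     = $path
    }
}

Get-BitLockerDeploymentPath | Format-List
```

The volume list can include attached removable drives, which are outside this document's scope of OS and fixed drives, so read the per-drive status before acting on the `Path` value.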

7.  Output

·  Encrypted OS & fixed drives

·  Computer compliance report

·  Enterprise compliance report

·  Recovery audit reports

8.  Roles and Responsibilities

9.  References

Sr. No. / Name / Document ID
1 / WI_BitLocker.doc

10.  Templates

Sr. No. / Name / Document ID
Not applicable
