Having installed the MBAM components in the first part of this series of posts it is now time to validate that the IIS components are in place and also to be aware of what each of them do.
Part 1: Installation of MBAM components
Part 2: Validating IIS sites and customisation
Part 3: Configuration of GPO policies and client agent deployment
Part 4: Validation of key storage and recovery tests
The Self Service Portal
The self-service portal provides end-users with a quick means of recovering their BitLocker recovery password in the event of a recovery event being triggered. Let us go ahead and validate that the component was successfully installed;
- Launch a web browser and browse to the following URL – http;//MBAMServer.YourDomain.Suffix/SelfService
- If you can see a page similar to the one above, the SeflService page is ready to use (we will test SQL access later)
Customising The Self Service Portal
Should you want to create a branded self service portal like the above, you will need to edit the site master layout and the CSS file for the site. To do so, simply follow the below;
SITE Style Sheet
- Browse to the following location – C:\inetpub\Microsoft BitLocker Management Solution\Self Service Website\Content
- Create a backup of the Site.CSS style sheet
- Open the Site.CSS style sheet
- Now you can remove the gradient background by changing the following;body
{
font-family: “Segoe UI”, Verdana, sans-serif;
font-size: 14px;
color: #333;
background: #DFF2F9url(images/BrowsersBkgd_repeat-x.jpg) top left repeat-x;
margin: 0px;
} - Next update the background colour with your preferred colour in hexadecimal format
- In this example #DFF2F9 is replaced with #FFFFFF for a white background;body{
font-family: “Segoe UI”, Verdana, sans-serif;
font-size: 14px;
color: #333;
background: #FFFFFF ;
margin: 0px;
} - In order to give the header block a contrasting background, locate the following section of code;#header
{
display: block;
} - Add a background entry with your background colour again in hexadecimal format, you should then have a section like the below#header
{
display: block;
background: #454442;
}
Adding A Custom Logo
In order to add an image with your organisations logo you will need obviously first of all to create and size your logo. In the example shown below I have used a pixel height of 120 and colour matched the background;
Now to insert the logo;
- Save the image file to the following location;
C:\inetpub\Microsoft BitLocker Management Solution\Self Service Website\Content\Images - Browse to the following location and create a backup of the Site.Master filer;
C:\inetpub\Microsoft BitLocker Management Solution\Self Service Website\Views\Shared - Open the Site.Master in a text editor
- Scroll down to the following section;<div id=”header”>
<div class=”content”>
<% Html.RenderPartial(“UserIdentityControl”); %>
<br/>
<% Html.RenderPartial(“UserLogoutControl”); %>
<h1>
<asp:Literal runat=”server” Mode=”Encode” Text=”<%$appSettings:CompanyName %>” />
</h1>
</div>
</div> - Add the HTML image tags and comment out the text company name as per the below;<div id=”header”>
<div class=”content”>
<% Html.RenderPartial(“UserIdentityControl”); %>
<br/>
<% Html.RenderPartial(“UserLogoutControl”); %>
<img src=”<%= Url.Content(“https://lab-mbam.scconfigmgrlab.local/SelfService/Content/Images/SCConfigMgrBackgroundLarge.png”) %>” alt=”SCConfigrMgr Lab Environment”>
<!–
<h1>
<asp:Literal runat=”server” Mode=”Encode” Text=”<%$appSettings:CompanyName %>” />
</h1>
–>
</div>
</div>
The Helpdesk Portal
Self-explanatory in its naming, the Helpdesk portal provides helpdesk staff with a means of recovering keys and managing TPM states. Let’s go ahead and validate access;
- Launch a web browser and browse to the following URL – http;//MBAMServer.YourDomain.Suffix/Helpdesk
- If you can see a page similar to the one above, the SeflService page is ready to use (we will test SQL access later)
Recovery & Status Service Endpoints
In order for the MBAM client agent to escrow the recovery key and provide status/compliance messages to the MBAM database, two IIS service points are used. You can test these by running through the following;
- Launch a web browser and browse to either or both of the following URLs –
http;//MBAMServer.YourDomain.Suffix/MBAMRecoveryAndHardwareService/CoreService.svc,
http;//MBAMServer.YourDomain.Suffix/MBAMComplianceStatusService/StatusReportingService.svc - You now see a page similar to the below;
Next Step
In the next part of the series we will look at configuration of the MBAM group policy settings and deploying the MBAM client.
Add comment