Cmdlet Reference for Microsoft BitLocker Administration and Monitoring (MBAM)
Microsoft Corporation
Published: May 1, 2014
Applies To
Microsoft BitLocker Administration and Monitoring (MBAM) 2.5
Feedback Send suggestions and comments about this document to [email protected].
Copyright
This document is provided "as-is". Information and views expressed in this document, including URL
and other Internet website references, may change without notice.
Some examples depicted herein are provided for illustration only and are fictitious. No real association
or connection is intended or should be inferred.
This document does not provide you with any legal rights to any intellectual property in any Microsoft
product. You may copy and use this document for your internal, reference purposes. You may modify
this document for your internal, reference purposes.
© 2014 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, Bing, Excel, Hyper-V, Internet Explorer, Silverlight, SQL Server, Windows,
Windows Intune, Windows PowerShell, Windows Server, and Windows Vista are trademarks of the
Microsoft group of companies. All other trademarks are property of their respective owners.
Revision History
Release Date Changes
May 1, 2014 Initial release of this document.
Contents
Disable-MbamCMIntegration
Disable-MbamReport
Disable-MbamWebApplication
Enable-MbamCMIntegration
Enable-MbamDatabase
Enable-MbamReport
Enable-MbamWebApplication
Get-MbamBitLockerRecoveryKey
Get-MbamCMIntegration
Get-MbamReport
Get-MbamTPMOwnerPassword
Get-MbamWebApplication
Test-MbamCMIntegration
Test-MbamDatabase
Test-MbamReport
Test-MbamWebApplication
Disable-MbamCMIntegration
Disables the MBAM System Center Configuration Manager Integration feature.
Syntax
Parameter Set: Default
Disable-MbamCMIntegration [-Force] [-RemoveComplianceData] [-Confirm] [-WhatIf] [<CommonParameters>]
Detailed Description
The Disable-MbamCMIntegration cmdlet disables the Microsoft BitLocker Administration and
Monitoring (MBAM) System Center Configuration Manager Integration feature.
Parameters
-Force
Indicates that the cmdlet performs the operation without prompting you for confirmation.
Aliases none
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-RemoveComplianceData
Indicates that this cmdlet removes compliance data, as well as reports, from Configuration Manager. If
you do not specify this parameter, this cmdlet only removes the Configuration Manager reports.
Aliases none
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-Confirm
Prompts you for confirmation before executing the command.
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-WhatIf
Describes what would happen if you executed the command without actually executing the command.
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable,
-OutBuffer, and -OutVariable. For more information, see about_CommonParameters.
Examples
Example 1: Disable the System Center Configuration Manager
Integration feature
This command disables the MBAM System Center Configuration Manager Integration feature after you
confirm the operation.
PS C:\> Disable-MbamCMIntegration
Are you sure you want to perform this action?
Performing operation "Disable MBAM CM Integration feature"
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"):
Related topics
Enable-MbamCMIntegration
Get-MbamCMIntegration
Test-MbamCMIntegration
Disable-MbamReport
Disables the Reports feature.
Syntax
Parameter Set: Default
Disable-MbamReport [-Force] [-Confirm] [-WhatIf] [<CommonParameters>]
Detailed Description
The Disable-MbamReport cmdlet disables the Microsoft BitLocker Administration and Monitoring
(MBAM) Reports feature.
Parameters
-Force
Indicates that the cmdlet performs the operation without prompting you for confirmation.
Aliases none
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-Confirm
Prompts you for confirmation before executing the command.
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-WhatIf
Describes what would happen if you executed the command without actually executing the command.
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable,
-OutBuffer, and -OutVariable. For more information, see about_CommonParameters.
Examples
Example 1: Disable the Reports feature
This command disables the Reports feature. The command does not specify the Force parameter, and,
therefore, the command prompts you for confirmation.
PS C:\> Disable-MbamReport
Are you sure you want to perform this action?
Performing operation "Disable MBAM Reports feature"
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"):
Related topics
Enable-MbamReport
Get-MbamReport
Test-MbamReport
Disable-MbamWebApplication
Disables a web application.
Syntax
Parameter Set: ParameterSetAdministrationPortal
Disable-MbamWebApplication -AdministrationPortal [-Force] [-Confirm] [-WhatIf] [<CommonParameters>]
Parameter Set: ParameterSetAgentService
Disable-MbamWebApplication -AgentService [-Force] [-Confirm] [-WhatIf] [<CommonParameters>]
Parameter Set: ParameterSetSelfServicePortal
Disable-MbamWebApplication -SelfServicePortal [-Force] [-Confirm] [-WhatIf] [<CommonParameters>]
Detailed Description
The Disable-MbamWebApplication cmdlet disables a Microsoft BitLocker Administration and
Monitoring (MBAM) web application. This cmdlet removes any website files that the
Enable-MbamWebApplication cmdlet installed when you enabled the application.
Parameters
-AdministrationPortal
Indicates that this cmdlet acts on the Administration and Monitoring Website web application.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-AgentService
Indicates that this cmdlet acts on the Agent Services web application.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-Force
Indicates that the cmdlet performs the operation without prompting you for confirmation.
Aliases none
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-SelfServicePortal
Indicates that this cmdlet acts on the Self-Service Portal web application.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-Confirm
Prompts you for confirmation before executing the command.
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-WhatIf
Describes what would happen if you executed the command without actually executing the command.
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable,
-OutBuffer, and -OutVariable. For more information, see about_CommonParameters.
Examples
Example 1: Disable Administration and Monitoring Website
This command disables the Administration and Monitoring Portal feature. The cmdlet prompts you to
confirm the operation.
PS C:\> Disable-MbamWebApplication -AdministrationPortal
Are you sure you want to perform this action?
Performing operation "Disable MBAM Web Application (AdministrationPortal) feature"
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"):
Example 2: Disable the Self-Service Portal
This command disables the Self-Service Portal feature. The command specifies the Force parameter,
and, therefore, the cmdlet does not prompt you to confirm the operation.
PS C:\> Disable-MbamWebApplication -SelfServicePortal -Force
Example 3: Disable Agent Services
This command disables the Agent Services feature. The cmdlet prompts you to confirm the operation.
PS C:\> Disable-MbamWebApplication -AgentService
Are you sure you want to perform this action?
Performing operation "Disable MBAM Web Application (AgentService) feature"
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"):
Related topics
Enable-MbamWebApplication
Get-MbamWebApplication
Test-MbamWebApplication
Enable-MbamCMIntegration
Enables the MBAM System Center Configuration Manager Integration feature.
Syntax
Parameter Set: ParameterSetCMReportsOnly
Enable-MbamCMIntegration -BitLockerProtectionBaselineLogicalName <String>
    -FixedDataDriveConfigurationItemLogicalName <String>
    -OperatingSystemDriveConfigurationItemLogicalName <String> -ReportsCollectionID <String>
    -ReportsOnly [-SkipValidation] [-SsrsInstance <String>] [-SsrsServer <String>] [-Confirm]
    [-WhatIf] [<CommonParameters>]
Parameter Set: ParameterSetDefault
Enable-MbamCMIntegration [-SkipValidation] [-SsrsInstance <String>] [-SsrsServer <String>]
    [-Confirm] [-WhatIf] [<CommonParameters>]
Detailed Description
The Enable-MbamCMIntegration cmdlet enables the Microsoft BitLocker Administration and
Monitoring (MBAM) System Center Configuration Manager Integration feature. This feature integrates
Configuration Manager with MBAM, and moves the compliance and reporting infrastructure into the
Configuration Manager environment.
Parameters
-BitLockerProtectionBaselineLogicalName<String>
Specifies the logical name of the BitLocker protection baseline.
Aliases BaselineLogicalName
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-FixedDataDriveConfigurationItemLogicalName<String>
Specifies the logical name of the fixed data drive configuration item.
Aliases FDDLogicalName
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-OperatingSystemDriveConfigurationItemLogicalName<String>
Specifies the logical name of the operating system drive configuration item.
Aliases OSDLogicalName
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-ReportsCollectionID<String>
Specifies an existing collection ID. This ID is used by the reports to set the default collection for which
the reports display compliance data.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-ReportsOnly
Indicates that only the Configuration Manager reports are deployed.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-SkipValidation
Indicates that this cmdlet bypasses validation of parameter values. If you specify this parameter, the
feature may not function properly after you enable it.
Aliases none
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-SsrsInstance<String>
Specifies the SQL Server Reporting Services instance. This instance hosts the Configuration Manager
reports. This parameter is ignored if the server has System Center 2012 Configuration Manager
installed.
Aliases none
Required? false
Position? named
Default Value MSSQLSERVER
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-SsrsServer<String>
Specifies the server with the SQL Server Reporting Services point role. This server hosts the
Configuration Manager reports. If you do not specify a server, the Configuration Manager reports are
deployed to the local server.
Aliases none
Required? false
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-Confirm
Prompts you for confirmation before executing the command.
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-WhatIf
Describes what would happen if you executed the command without actually executing the command.
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable,
-OutBuffer, and -OutVariable. For more information, see about_CommonParameters.
Examples
Example 1: Enable the Integration feature
This command enables the MBAM System Center Configuration Manager Integration feature on the
local Configuration Manager server. The MBAM reports are deployed on the default SQL Server
Reporting Services instance, MSSQLSERVER.
PS C:\> Enable-MbamCMIntegration
Related topics
Disable-MbamCMIntegration
Get-MbamCMIntegration
Test-MbamCMIntegration
Enable-MbamDatabase
Enables the Compliance and Audit and Recovery databases.
Syntax
Parameter Set: ParameterSetCompliance
Enable-MbamDatabase -AccessAccount <String> -ComplianceAndAudit -ConnectionString <String>
    -ReportAccount <String> [-DatabaseName <String>] [-SkipValidation] [-Confirm] [-WhatIf]
    [<CommonParameters>]
Parameter Set: ParameterSetRecovery
Enable-MbamDatabase -AccessAccount <String> -ConnectionString <String> -Recovery
    [-DatabaseName <String>] [-SkipValidation] [-Confirm] [-WhatIf] [<CommonParameters>]
Detailed Description
The Enable-MbamDatabase cmdlet enables a Compliance and Audit or a Recovery Database.
Parameters
-AccessAccount<String>
Specifies a domain user or group. This domain user or group has read/write permission to this
database, which enables web applications to access the data and reports. If the value is a domain user,
the WebServiceApplicationPoolCredential parameter in the Enable-MbamWebApplication cmdlet
must use the same user account. If the value is a group, the domain account used by the
WebServiceApplicationPoolCredential parameter must be a member of this group.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-ComplianceAndAudit
Indicates that the Compliance and Audit Database is enabled.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-ConnectionString<String>
Specifies the connection string used to connect to the data store. The Integrated Security field must be
in the connection string.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-DatabaseName<String>
Specifies the name of the database. This parameter cannot contain leading or trailing spaces or
non-printable characters. If you do not specify a name, the Compliance and Audit Database is given
the name MBAM Compliance Status, and the Recovery database is given the name MBAM Recovery and
Hardware.
Aliases none
Required? false
Position? named
Default Value "MBAM Compliance Status" for Compliance DB; "MBAM Recovery and Hardware" for Recovery DB
Accept Pipeline Input? false
Accept Wildcard Characters? false
-Recovery
Indicates that the Recovery Database is enabled.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-ReportAccount<String>
Specifies a domain user or group. This domain user or group has read-only permission to this
database, which enables reports to access the compliance and audit data. If the value is a domain user,
the ComplianceAndAuditDBCredential parameter in the Enable-MbamReport cmdlet must use the
same user account. If the value is a domain user group, the domain account used by the
ComplianceAndAuditDBCredential parameter must be a member of this group.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-SkipValidation
Indicates that this cmdlet bypasses validation of parameter values. If you specify this parameter, the
feature may not function properly after you enable it.
Aliases none
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-Confirm
Prompts you for confirmation before executing the command.
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-WhatIf
Describes what would happen if you executed the command without actually executing the command.
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable,
-OutBuffer, and -OutVariable. For more information, see about_CommonParameters.
Examples
Example 1: Enable the Compliance and Audit Database
This command enables the Compliance and Audit Database on MyDatabaseServer. The name of the
database is MyComplianceDatabaseName. The domain account MyAccessAccount has read/write
permission to the database, and MyReportAccount has read-only permission to the database for
reporting purposes. The current Windows account credentials are used for authentication.
PS C:\> Enable-MbamDatabase -ComplianceAndAudit -ConnectionString "Integrated Security=SSPI;Data Source=MyDatabaseServer" -AccessAccount "MyDomain\MyAccessAccount" -ReportAccount "MyDomain\MyReportAccount" -DatabaseName "MyComplianceDatabaseName"
Example 2: Enable the Recovery Database
This command enables the Recovery database on MyRecoveryDatabaseServer. The name of the
database is MyRecoveryDatabaseName. The domain account MyAccessAccount has read/write
permission to the database. The command uses the current Windows account credentials for
authentication.
PS C:\> Enable-MbamDatabase -Recovery -ConnectionString "Integrated Security=SSPI;Data Source=MyRecoveryDatabaseServer" -AccessAccount "MyDomain\MyAccessAccount" -DatabaseName "MyRecoveryDatabaseName"
Related topics
Enable-MbamReport
Enable-MbamWebApplication
Test-MbamDatabase
Enable-MbamReport
Enables the Reports feature on the local server.
Syntax
Parameter Set: Default
Enable-MbamReport -ComplianceAndAuditDBCredential <PSCredential> -ReportsReadOnlyAccessGroup <String>
    [-ComplianceAndAuditDBConnectionString <String>] [-SkipValidation] [-SsrsInstance <String>]
    [-Confirm] [-WhatIf] [<CommonParameters>]
Detailed Description
The Enable-MbamReport cmdlet enables the Microsoft BitLocker Administration and Monitoring
(MBAM) Reports feature on a local Microsoft SQL Server Reporting Services instance.
Parameters
-ComplianceAndAuditDBConnectionString<String>
Specifies a connection string. The local SQL Server Reporting Services uses the string that this
parameter specifies to connect to the Compliance and Audit Database feature. The connection string
must contain values for the Integrated Security and Initial Catalog fields.
Aliases ComplianceDB
Required? false
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-ComplianceAndAuditDBCredential<PSCredential>
Specifies the domain account credentials that the local SQL Server Reporting Services instance uses to
connect to the Compliance and Audit Database. The domain user in the credentials must be the same
as the user that you specify for the ReportAccount parameter in the Enable-MbamDatabase cmdlet. If
you specified a domain user group for the ReportAccount parameter, the credentials that you specify for
the current parameter must be a member of that group.
Important: For improved security, use an account that has limited privileges. Also, configure the account
so that the password never expires.
Aliases ComplianceDBCred
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByValue, ByPropertyName)
Accept Wildcard Characters? false
-ReportsReadOnlyAccessGroup<String>
Specifies a domain user group. Specify a group that has read permission for the reports.
Aliases ReportsGroup
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-SkipValidation
Indicates that this cmdlet bypasses validation of parameter values. If you specify this parameter, the
feature may not function properly after you enable it.
Aliases none
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-SsrsInstance<String>
Specifies the SQL Server Reporting Services instance. After installation, this instance hosts the reports.
If you do not specify an instance, the cmdlet uses the default instance, MSSQLSERVER.
Aliases none
Required? false
Position? named
Default Value MSSQLSERVER
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-Confirm
Prompts you for confirmation before executing the command.
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-WhatIf
Describes what would happen if you executed the command without actually executing the command.
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable,
-OutBuffer, and -OutVariable. For more information, see about_CommonParameters.
Examples
Example 1: Enable the Reports feature
This command enables the Reports feature on the local server. The feature uses the Compliance and
Audit Database on ContosoDatabaseServer. The command prompts you to enter credentials to access
the Compliance and Audit Database. The reports group is Contoso\ReportsGroup. The command
installs reports on the default SQL Server Reporting Services instance.
PS C:\> Enable-MbamReport -ComplianceAndAuditDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Compliance Status" -ComplianceAndAuditDBCredential (Get-Credential) -ReportsReadOnlyAccessGroup "Contoso\ReportsGroup"
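A pre-flight check for the constraints stated in the parameter descriptions above, added here as an example and not part of the original Microsoft reference: it verifies that the connection string has values for the Integrated Security and Initial Catalog fields and that the credential's user is the one given as -ReportAccount to Enable-MbamDatabase, then calls Enable-MbamReport with -WhatIf. The helper names Test-MbamConnectionStringField and Test-MbamReportPreflight are hypothetical, the server, account and group names are constructed placeholders, and the case where -ReportAccount was a group (membership check) is not covered.

```powershell
# Added example (not from the Microsoft reference). Helper names are hypothetical.

function Test-MbamConnectionStringField {
    # Returns the required fields that are missing or empty in a connection string.
    param(
        [Parameter(Mandatory = $true)] [string] $ConnectionString,
        [string[]] $RequiredField = @('Integrated Security', 'Initial Catalog')
    )

    $builder = New-Object System.Data.Common.DbConnectionStringBuilder
    # Call the setter explicitly: the builder is an IDictionary, so
    # "$builder.ConnectionString = ..." would add a key named ConnectionString
    # instead of parsing the string. Malformed input throws here.
    $builder.set_ConnectionString($ConnectionString)

    $missing = @()
    foreach ($field in $RequiredField) {
        # Key lookup is case-insensitive; -or short-circuits before the indexer
        # is reached for a key that is absent.
        if (-not $builder.ContainsKey($field) -or
            [string]::IsNullOrEmpty(([string]$builder[$field]).Trim())) {
            $missing += $field
        }
    }
    return ,$missing
}

function Test-MbamReportPreflight {
    # Returns a list of problems; the list is empty when the values are consistent.
    param(
        [Parameter(Mandatory = $true)] [string] $ConnectionString,
        [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] $Credential,
        # The domain user that was passed as -ReportAccount to Enable-MbamDatabase.
        [Parameter(Mandatory = $true)] [string] $ReportAccountUser
    )

    $problems = @()

    foreach ($field in (Test-MbamConnectionStringField -ConnectionString $ConnectionString)) {
        $problems += "Connection string has no value for '$field'."
    }

    # Plain case-insensitive comparison; assumes both names are written in the
    # same DOMAIN\user form.
    if ($Credential.UserName -ine $ReportAccountUser) {
        $problems += "Credential user '$($Credential.UserName)' differs from ReportAccount '$ReportAccountUser'."
    }

    return ,$problems
}

# Constructed placeholder values.
$connectionString = 'Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Compliance Status'
$reportAccount    = 'Contoso\MbamReportReader'
$reportsGroup     = 'Contoso\ReportsGroup'

# Prompt for the limited-privilege account that Reporting Services will use.
$credential = Get-Credential

$problems = Test-MbamReportPreflight -ConnectionString $connectionString `
                                     -Credential $credential `
                                     -ReportAccountUser $reportAccount

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
}
else {
    # -WhatIf describes the change without making it; remove it to apply.
    Enable-MbamReport -ComplianceAndAuditDBConnectionString $connectionString `
                      -ComplianceAndAuditDBCredential $credential `
                      -ReportsReadOnlyAccessGroup $reportsGroup `
                      -WhatIf
}
```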
Related topics
Disable-MbamReport
Get-MbamReport
Test-MbamReport
Enable-MbamDatabase
Enable-MbamWebApplication
Enables a web application.
Syntax
Parameter Set: ParameterSetAdministrationPortal
Enable-MbamWebApplication -AdministrationPortal -AdvancedHelpdeskAccessGroup <String>
    -HelpdeskAccessGroup <String> -ReportsReadOnlyAccessGroup <String> -ReportUrl <Uri>
    [-Certificate <X509Certificate2>] [-CMIntegrationMode]
    [-ComplianceAndAuditDBConnectionString <String>] [-HostName <String>]
    [-InstallationPath <String>] [-Port <Int32>] [-RecoveryDBConnectionString <String>]
    [-SkipValidation] [-VirtualDirectory <String>]
    [-WebServiceApplicationPoolCredential <PSCredential>] [-Confirm] [-WhatIf]
    [<CommonParameters>]
Parameter Set: ParameterSetAgentService
Enable-MbamWebApplication -AgentService [-Certificate <X509Certificate2>] [-CMIntegrationMode]
    [-ComplianceAndAuditDBConnectionString <String>] [-HostName <String>]
    [-InstallationPath <String>] [-Port <Int32>] [-RecoveryDBConnectionString <String>]
    [-SkipValidation] [-WebServiceApplicationPoolCredential <PSCredential>] [-Confirm]
    [-WhatIf] [<CommonParameters>]
Parameter Set: ParameterSetSelfServicePortal
Enable-MbamWebApplication -SelfServicePortal [-Certificate <X509Certificate2>]
    [-ComplianceAndAuditDBConnectionString <String>] [-HostName <String>]
    [-InstallationPath <String>] [-Port <Int32>] [-RecoveryDBConnectionString <String>]
    [-SkipValidation] [-VirtualDirectory <String>]
    [-WebServiceApplicationPoolCredential <PSCredential>] [-Confirm] [-WhatIf]
    [<CommonParameters>]
Detailed Description
The Enable-MbamWebApplication cmdlet enables a Microsoft BitLocker Administration and
Monitoring (MBAM) web application on the local server. The cmdlet enables one of the following web
applications:
-- Administration and Monitoring Website
-- Agent Services
-- Self-Service Portal
Parameters
-AdministrationPortal
Indicates that this cmdlet acts on the Administration and Monitoring Website web application.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-AdvancedHelpdeskAccessGroup<String>
Specifies a domain user group. This group has permissions for all areas of the Administration and
Monitoring Website web application, except for reports.
Aliases AdvancedHelpdeskGroup
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-AgentService
Indicates that this cmdlet acts on the Agent Services web application.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-Certificate<X509Certificate2>
Specifies the certificate to use for encrypted web communications. If you do not specify a certificate,
web communications are not encrypted.
Aliases none
Required? false
Position? named
Default Value none
Accept Pipeline Input? True (ByValue, ByPropertyName)
Accept Wildcard Characters? false
-CMIntegrationMode
Indicates that all reports, except the Recovery Audit Report, are integrated into Microsoft System
Center Configuration Manager. If you enable the System Center Configuration Manager Integration
feature, specify this parameter.
Aliases CMMode
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-ComplianceAndAuditDBConnectionString<String>
Specifies a connection string. The web application uses the string that this parameter specifies to
connect to the Compliance and Audit Database feature. The connection string must contain values for
the Integrated Security and Initial Catalog fields.
If you do not specify this parameter, the cmdlet uses the connection string that you previously specified
for any enabled web application. All of the web applications connect to the Compliance and Audit
Database by using the same connection string. If you specify connection strings more than once, web
applications use the most recent value.
Aliases ComplianceDB
Required? false
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-HelpdeskAccessGroup<String>
Specifies the domain user group that has permissions for the Manage TPM and Drive Recovery areas
of the Administration and Monitoring Website web application.
Aliases HelpdeskGroup
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-HostName<String>
Specifies a host name. If you do not specify a host name, the cmdlet uses the fully qualified host name
of the local computer. Ensure that you specify the same host name for all of the web applications.
Aliases none
Required? false
Position? named
Default Value <fully qualified local machine name>
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-InstallationPath<String>
Specifies the installation path of the web application. The installation process creates a folder named
Microsoft BitLocker Management Solution in the location that this parameter specifies. If you do not
specify a path, the cmdlet uses <IIS inetpub path>. Specify the same installation path for all of the web
applications.
Aliases none
Required? false
Position? named
Default Value <IIS inetpub path>\Microsoft BitLocker Management Solution
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-Port<Int32>
Specifies the web service port. If you do not specify a port, unencrypted communications use port 80,
and encrypted communications use port 443. Specify the same value for all of the web applications.
You must configure your firewall to allow communication through the ports for the Self-Service Portal
and the Administration and Monitoring Website web applications.
Aliases none
Required? false
Position? named
Default Value 80 if certificate is not specified, 443 otherwise
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-RecoveryDBConnectionString<String>
Specifies a connection string. The web application uses the string that this parameter specifies to
connect to the Recovery Database. The connection string must contain values for the Integrated
Security and Initial Catalog fields.
If you do not specify this parameter, the cmdlet uses the connection string that you previously specified
for any enabled web application. All of the web applications connect to the Recovery Database by using
the same connection string. If you specify connection strings more than once, web applications use the
most recent value.
Aliases RecoveryDB
Required? false
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-ReportsReadOnlyAccessGroup<String>
Specifies a domain user group. Specify a group that has read permissions for the Reports area of the
Administration and Monitoring Website web application. The value for this parameter must be the same
as the group that you specify for the ReportsReadOnlyAccessGroup parameter in the
Enable-MbamReport cmdlet.
Aliases ReportsGroup
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-ReportUrl<Uri>
Specifies the URL for the reports that the Microsoft SQL Server Reporting Services instance publishes.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-SelfServicePortal
Indicates that this cmdlet acts on the Self-Service Portal web application.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-SkipValidation
Indicates that this cmdlet bypasses validation of parameter values. If you specify this parameter, the
feature may not function properly after you enable it.
Aliases none
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-VirtualDirectory<String>
Specifies a virtual directory for the web application. If you do not specify a virtual directory, the cmdlet
uses the value HelpDesk for the Administration and Monitoring Website, or it uses the value SelfService
for the Self-Service Portal.
Aliases none
Required? false
Position? named
Default Value "HelpDesk" for AdministrationPortal feature; "SelfService" for SelfServicePortal
Accept Pipeline Input? false
Accept Wildcard Characters? false
-WebServiceApplicationPoolCredential<PSCredential>
Specifies the domain user that the application pool for the web applications uses. If you specified a
domain user group for the AccessAccount parameter when you ran the Enable-MbamDatabase
cmdlet, the domain user that you specify for this parameter must be a member of that group.
If you do not specify this parameter, the cmdlet uses the credentials that you previously specified for
any enabled web application. All of the web applications use the same application pool credentials. If
you specify credentials for web applications more than once, web applications use the most recent
value.
Important: For improved security, use an account that has limited user rights. Also, configure the
account so that the password never expires. Verify that the account that you specify for this parameter
is a built-in IIS_IUSRS account or has been added to the Impersonate a client after authentication
and Log on as a batch job local security settings. To view the local security setting, open the Local
Security Policy editor, expand the Local Policies node, click the User Rights Assignment node, and
then double-click the Impersonate a client after authentication and Log on as a batch job policies in
the right pane.
Aliases AppPoolCred
Required? false
Position? named
Default Value NetworkService
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
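One way to script the check that the Important note above describes, instead of opening the Local Security Policy editor. This is an added example, not part of the Microsoft reference: the function names, SIDs and sample export are constructed, and it assumes the standard secedit export format, the privilege constants SeImpersonatePrivilege and SeBatchLogonRight, and the well-known SID S-1-5-32-568 for IIS_IUSRS.

```powershell
# Added example. Function names, SIDs and the sample export are constructed.

function Get-UserRightAssignment {
    # Parse the [Privilege Rights] section of a secedit export into
    # a hashtable: right name -> array of SIDs or account names.
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$InfLines)
    $rights = @{}
    $inSection = $false
    foreach ($line in $InfLines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if (-not $inSection -or $text -eq '' -or $text.StartsWith(';')) { continue }
        $name, $value = $text -split '\s*=\s*', 2
        # secedit writes SIDs with a leading '*'; strip it for comparison.
        $rights[$name] = @("$value" -split ',' |
            ForEach-Object { $_.Trim().TrimStart('*') } |
            Where-Object { $_ })
    }
    $rights
}

function Test-MbamAppPoolRight {
    # Report whether any of the supplied SIDs (the account itself plus the
    # groups it belongs to) holds each right named in the Important note.
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$InfLines,
        [Parameter(Mandatory)][string[]]$PrincipalSid
    )
    $required = [ordered]@{
        SeImpersonatePrivilege = 'Impersonate a client after authentication'
        SeBatchLogonRight      = 'Log on as a batch job'
    }
    $assigned = Get-UserRightAssignment -InfLines $InfLines
    foreach ($right in $required.Keys) {
        $holders = @($assigned[$right])
        $via = @($PrincipalSid | Where-Object { $holders -contains $_ })
        [pscustomobject]@{
            Policy  = $required[$right]
            Right   = $right
            Granted = ($via.Count -gt 0)
            Via     = ($via -join ',')
        }
    }
}

# Constructed sample of a user rights export. On a real server, produce it
# from an elevated prompt and read it back:
#   secedit /export /areas USER_RIGHTS /cfg "$env:TEMP\rights.inf" | Out-Null
#   $export = Get-Content "$env:TEMP\rights.inf"
$sampleExport = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeBatchLogonRight = *S-1-5-32-544,*S-1-5-32-551,*S-1-5-32-568
SeImpersonatePrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-32-568,*S-1-5-6
[Version]
signature="$CHICAGO$"
Revision=1
'@ -split "`r?`n"

# Constructed SID for a domain account. A real one can be resolved with:
#   ([System.Security.Principal.NTAccount]'Domain\Account').Translate(
#       [System.Security.Principal.SecurityIdentifier]).Value
$accountSid = 'S-1-5-21-1111111111-2222222222-3333333333-1104'

# The account on its own holds neither right in this sample.
Test-MbamAppPoolRight -InfLines $sampleExport -PrincipalSid $accountSid

# The same account as a member of IIS_IUSRS inherits both rights.
Test-MbamAppPoolRight -InfLines $sampleExport -PrincipalSid $accountSid, 'S-1-5-32-568'
```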
-Confirm
Prompts you for confirmation before executing the command.
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-WhatIf
Describes what would happen if you executed the command without actually executing the command.
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable,
-OutBuffer, and -OutVariable. For more information, see about_CommonParameters.
Examples
Example 1: Enable Administration and Monitoring Website
This command enables the Administration and Monitoring Website web application on the current
server. The portal uses the Compliance and Audit Database and the Recovery Database on
ContosoDatabaseServer, and it uses the reports on ContosoReportsServer.
PS C:\> Enable-MbamWebApplication -AdministrationPortal `
    -ComplianceAndAuditDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Compliance Status" `
    -RecoveryDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Recovery and Hardware" `
    -AdvancedHelpdeskAccessGroup "Contoso\AdvancedUserGroup" `
    -HelpdeskAccessGroup "Contoso\StandardUserGroup" `
    -ReportsReadOnlyAccessGroup "Contoso\ReportUserGroup" `
    -ReportUrl "https://ContosoReportsServer/ReportServer" `
    -Port 443 `
    -WebServiceApplicationPoolCredential (Get-Credential) `
    -Certificate (dir cert:\LocalMachine\My\E2A7EA5533890D6567E40DFC46F53B3D31D6B689)
Example 2: Enable Self-Service Portal
This command enables the Self-Service Portal web application on the current server. The Self-Service
Portal uses the Compliance and Audit Database and the Recovery Database on
ContosoDatabaseServer.
PS C:\> Enable-MbamWebApplication -SelfServicePortal `
    -ComplianceAndAuditDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Compliance Status" `
    -RecoveryDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Recovery and Hardware" `
    -Port 443 `
    -WebServiceApplicationPoolCredential (Get-Credential) `
    -Certificate (dir cert:\LocalMachine\My\E2A7EA5533890D6567E40DFC46F53B3D31D6B689)
Example 3: Enable Agent Services
This command enables the Agent Services feature on the current server. The services use the
Compliance and Audit Database and the Recovery Database on ContosoDatabaseServer.
PS C:\> Enable-MbamWebApplication -AgentService `
    -ComplianceAndAuditDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Compliance Status" `
    -RecoveryDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Recovery and Hardware" `
    -Port 443 `
    -WebServiceApplicationPoolCredential (Get-Credential) `
    -Certificate (dir cert:\LocalMachine\My\E2A7EA5533890D6567E40DFC46F53B3D31D6B689)
Example 4: Enable Administration and Monitoring Website for a mirrored environment
This command enables the Administration and Monitoring Website web application, and it configures
web applications to use a mirrored Microsoft SQL Server environment. The connection strings specify a
failover partner.
PS C:\> Enable-MbamWebApplication -AdministrationPortal `
    -ComplianceAndAuditDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Failover Partner=ContosoMirror;Initial Catalog=MBAM Compliance Status" `
    -RecoveryDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Failover Partner=ContosoMirror;Initial Catalog=MBAM Recovery and Hardware" `
    -AdvancedHelpdeskAccessGroup "Contoso\AdvancedUserGroup" `
    -HelpdeskAccessGroup "Contoso\StandardUserGroup" `
    -ReportsReadOnlyAccessGroup "Contoso\ReportUserGroup" `
    -ReportUrl "https://ContosoReportsServer/ReportServer" `
    -Port 443 `
    -WebServiceApplicationPoolCredential (Get-Credential) `
    -Certificate (dir cert:\LocalMachine\My\E2A7EA5533890D6567E40DFC46F53B3D31D6B689)
Example 5: Enable the Self-Service Portal for a mirrored environment
This command enables the Self-Service Portal on the current server, and it configures web applications
to use a mirrored SQL Server environment. The connection strings specify a failover partner.
PS C:\> Enable-MbamWebApplication -SelfServicePortal `
    -ComplianceAndAuditDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Failover Partner=ContosoMirror;Initial Catalog=MBAM Compliance Status" `
    -RecoveryDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Failover Partner=ContosoMirror;Initial Catalog=MBAM Recovery and Hardware" `
    -Port 443 `
    -WebServiceApplicationPoolCredential (Get-Credential) `
    -Certificate (dir cert:\LocalMachine\My\E2A7EA5533890D6567E40DFC46F53B3D31D6B689)
Related topics
Disable-MbamWebApplication
Get-MbamWebApplication
Test-MbamWebApplication
Enable-MbamReport
Enable-MbamDatabase
Get-MbamBitLockerRecoveryKey
Requests an MBAM recovery key.
Syntax
Parameter Set: Default
Get-MbamBitLockerRecoveryKey -HelpDeskUrl <Uri> -KeyID <String> -Reason <String>
[-UserDomain <String> ] [-UserID <String> ] [ <CommonParameters>]
Detailed Description
The Get-MbamBitLockerRecoveryKey cmdlet requests a Microsoft BitLocker Administration and
Monitoring (MBAM) recovery key. This recovery key enables a user to unlock a volume that is in
recovery mode. A volume can enter recovery mode due to a forgotten BitLocker PIN or password, a
Windows update, or a change to the BIOS settings of the computer.
Parameters
-HelpDeskUrl<Uri>
Specifies the URL for the MBAM help desk site.
Aliases url
Required? true
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-KeyID<String>
Specifies the recovery key ID. You can specify the first eight digits of the recovery key ID for this
parameter or you can specify the complete ID. For example, if the recovery key ID is
4734f3b9-58c7-4a41-87a5-0701d4fdbb86, you can specify 4734f3b9 for this parameter.
Aliases key,k
Required? true
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-Reason<String>
Specifies the reason for the recovery key request. Reasons can include a forgotten BitLocker PIN or
password, a Windows update, or a change to BIOS settings of the computer.
Aliases r
Required? true
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-UserDomain<String>
Specifies the domain of the user.
Aliases ud
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-UserID<String>
Specifies the ID of the user.
Aliases uid
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable,
-OutBuffer, and -OutVariable. For more information, see about_CommonParameters.
Outputs
The output type is the type of the objects that the cmdlet emits.
string
The BitLocker recovery key for the specified volume.
Examples
Example 1: Get a recovery key by specifying an eight-digit recovery key ID
This command gets the recovery key from the specified help desk server for the user ContosoUser. The
command specifies only the first eight digits of the key ID.
PS C:\> Get-MbamBitLockerRecoveryKey -KeyID "4374f3b9" -Reason "Forgot PIN" `
    -HelpDeskUrl https://helpdeskserver/HelpDesk -UserDomain "ContosoDomain" -UserID "ContosoUser"
Example 2: Get a recovery key by specifying the complete recovery key ID
This command gets the recovery key from the specified help desk server for the user ContosoUser. The
command specifies the complete key ID.
PS C:\> Get-MbamBitLockerRecoveryKey -KeyID "4374f3b9-58c7-4a41-87a5-0701d4fdbb86" -Reason "Forgot PIN" `
    -HelpDeskUrl https://helpdeskserver/HelpDesk -UserDomain "ContosoDomain" -UserID "ContosoUser"
Get-MbamCMIntegration
Gets the configuration of the MBAM System Center Configuration Manager Integration feature.
Syntax
Get-MbamCMIntegration [ <CommonParameters>]
Detailed Description
The Get-MbamCMIntegration cmdlet gets the configuration of the Microsoft BitLocker Administration
and Monitoring (MBAM) System Center Configuration Manager Integration feature.
Parameters
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable,
-OutBuffer, and -OutVariable. For more information, see about_CommonParameters.
Outputs
The output type is the type of the objects that the cmdlet emits.
Microsoft.MBAM.Server.Commands.CMIntegrationConfiguration
Examples
Example 1: Get the configuration of the System Center Configuration Manager Integration feature
This command gets the configuration of the MBAM System Center Configuration Manager Integration
feature in the local server.
PS C:\> Get-MbamCMIntegration
Name        : Configuration Manager Integration
Enabled     : False
Description : This feature will integrate MBAM with a Microsoft System Center Configuration Manager server.
Related topics
Disable-MbamCMIntegration
Enable-MbamCMIntegration
Test-MbamCMIntegration
Get-MbamReport
Gets the configuration of the Reports feature.
Syntax
Get-MbamReport [ <CommonParameters>]
Detailed Description
The Get-MbamReport cmdlet gets the configuration of the Microsoft BitLocker Administration and
Monitoring (MBAM) Reports feature.
Parameters
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable,
-OutBuffer, and -OutVariable. For more information, see about_CommonParameters.
Outputs
The output type is the type of the objects that the cmdlet emits.
Microsoft.MBAM.Server.Commands.ReportConfiguration
Examples
Example 1: Get configuration of the Reports feature
Gets the configuration of the Reports feature on the local server.
PS C:\> Get-MbamReport
Name                                 : Reports
Enabled                              : True
Description                          : This feature includes reports for the Compliance and Auditing data that has been gathered by the MBAM Client.
ComplianceAndAuditDBConnectionString : Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog="MBAM Compliance Status";
ComplianceAndAuditDBUser             : ContosoDomain\ReportAccount
SsrsInstance                         : MSSQLSERVER
ReportsReadOnlyAccessGroup           : ContosoDomain\ReportGroup
ReportUrl                            : https://ContosoReportsServer:443/ReportServer/ReportService2005.asmx
Related topics
Disable-MbamReport
Enable-MbamReport
Test-MbamReport
Get-MbamTPMOwnerPassword
Gets a TPM owner password.
Syntax
Parameter Set: Default
Get-MbamTPMOwnerPassword -ComputerDomain <String> -ComputerName <String> -HelpDeskUrl <Uri>
-Reason <String> [-UserDomain <String> ] [-UserID <String> ] [ <CommonParameters>]
Detailed Description
The Get-MbamTPMOwnerPassword cmdlet gets an owner password for a Trusted Platform Module
(TPM). If a TPM does not accept the user PIN, it becomes locked. The user unlocks the TPM by using
the owner password.
Parameters
-ComputerDomain<String>
Specifies the domain of the locked computer.
Aliases cd
Required? true
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-ComputerName<String>
Specifies the name of the locked computer.
Aliases cn
Required? true
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-HelpDeskUrl<Uri>
Specifies the URL for the Microsoft BitLocker Administration and Monitoring (MBAM) help desk site.
Aliases url
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-Reason<String>
Specifies the reason for the password request.
Aliases r
Required? true
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-UserDomain<String>
Specifies the domain of the user.
Aliases ud
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-UserID<String>
Specifies the ID of the user.
Aliases uid
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable,
-OutBuffer, and -OutVariable. For more information, see about_CommonParameters.
Outputs
The output type is the type of the objects that the cmdlet emits.
String
The TPM owner password.
Examples
Example 1: Get the TPM owner password
This command gets the TPM owner password from the MBAM help desk server for the specified
computer and user. The command also specifies the reason the TPM is locked.
PS C:\> Get-MbamTPMOwnerPassword -ComputerDomain "ContosoDomain" -ComputerName "ContosoComputer" `
    -Reason "Forgot PIN" -HelpDeskUrl https://helpdeskserver/HelpDesk `
    -UserDomain "ContosoDomain" -UserID "ContosoUser"
Get-MbamWebApplication
Gets the configuration of a web application.
Syntax
Parameter Set: ParameterSetAdministrationPortal
Get-MbamWebApplication -AdministrationPortal [ <CommonParameters>]
Parameter Set: ParameterSetAgentService
Get-MbamWebApplication -AgentService [ <CommonParameters>]
Parameter Set: ParameterSetSelfServicePortal
Get-MbamWebApplication -SelfServicePortal [ <CommonParameters>]
Detailed Description
The Get-MbamWebApplication cmdlet gets the configuration of a Microsoft BitLocker Administration
and Monitoring (MBAM) web application.
Parameters
-AdministrationPortal
Indicates that this cmdlet acts on the Administration and Monitoring Website web application.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-AgentService
Indicates that this cmdlet acts on the Agent Services web application.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-SelfServicePortal
Indicates that this cmdlet acts on the Self-Service Portal web application.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable,
-OutBuffer, and -OutVariable. For more information, see about_CommonParameters.
Outputs
The output type is the type of the objects that the cmdlet emits.
Microsoft.MBAM.Server.Commands.AdministrationPortalConfiguration,
Microsoft.MBAM.Server.Commands.SelfServicePortalConfiguration,
Microsoft.MBAM.Server.Commands.AgentServiceConfiguration
Examples
Example 1: Get the configuration of Administration and Monitoring Website
This command gets the configuration of the Administration and Monitoring Website feature on the local
server.
PS C:\> Get-MbamWebApplication -AdministrationPortal
Name                                 : Administration Web Portal
Enabled                              : True
Description                          : This feature includes the Help Desk web application for administration.
InstallationPath                     : C:\inetpub
HostName                             : MYSERVER.contoso.com
Port                                 : 443
CertificateThumbprint                : E2A7EA5533890D6567E40DFC46F53B3D31D6B689
ComplianceAndAuditDBConnectionString : Integrated Security=SSPI;Data Source=MyDatabaseServer;Initial Catalog="MBAM Compliance Status";
RecoveryDBConnectionString           : Integrated Security=SSPI;Data Source=MyDatabaseServer;Initial Catalog="MBAM Recovery and Hardware";
WebServiceApplicationPoolUser        : MyDomain\MBAMWebServicesAccount
VirtualDirectory                     : /HelpDesk
CMIntegrationMode                    : False
ReportUrl                            : https://MyReportsServer/ReportServer
AdvancedHelpdeskAccessGroup          : MyDomain\AdvancedHelpdeskUserGroup
HelpdeskAccessGroup                  : MyDomain\HelpdeskUserGroup
ReportsReadOnlyAccessGroup           : MyDomain\ReportsUserGroup
Example 2: Get the configuration of the Self-Service Portal
This command gets the configuration of the Self-Service Portal feature on the local server.
PS C:\> Get-MbamWebApplication -SelfServicePortal
Name                                 : Self Service Web Portal
Enabled                              : True
Description                          : This feature includes the Self Service web application that allows users to recover their own BitLocker keys.
InstallationPath                     : C:\inetpub
HostName                             : MYSERVER.contoso.com
Port                                 : 443
CertificateThumbprint                : E2A7EA5533890D6567E40DFC46F53B3D31D6B689
ComplianceAndAuditDBConnectionString : Integrated Security=SSPI;Data Source=MyDatabaseServer;Initial Catalog="MBAM Compliance Status";
RecoveryDBConnectionString           : Integrated Security=SSPI;Data Source=MyDatabaseServer;Initial Catalog="MBAM Recovery and Hardware";
WebServiceApplicationPoolUser        : MyDomain\MBAMWebServicesAccount
VirtualDirectory                     : /SelfService
Example 3: Get the configuration of the Agent Services feature
This command gets the configuration of the Agent Services feature on the local server.
PS C:\> Get-MbamWebApplication -AgentService
Name                                 : Agent Web Services
Enabled                              : True
Description                          : This feature includes the web services to support the MBAM agent.
InstallationPath                     : C:\inetpub
HostName                             : MYSERVER.contoso.com
Port                                 : 443
ComplianceAndAuditDBConnectionString : Integrated Security=SSPI;Data Source=MyDatabaseServer;Initial Catalog="MBAM Compliance Status";
RecoveryDBConnectionString           : Integrated Security=SSPI;Data Source=MyDatabaseServer;Initial Catalog="MBAM Recovery and Hardware";
WebServiceApplicationPoolUser        : MyDomain\MBAMWebServicesAccount
CMIntegrationMode                    : False
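The configuration objects shown in these three examples can be checked against the rules stated for Enable-MbamWebApplication: the same port for all web applications, a certificate for encrypted communications, and connection strings that contain the Integrated Security and Initial Catalog fields. The following is an added example, not part of the Microsoft reference. The function names and sample objects are constructed, the property names are the ones in the output above, and flagging an embedded SQL login is an assumption of this example rather than a rule from the reference.

```powershell
# Added example. Function names and the sample objects are constructed; the
# property names are the ones shown in the Get-MbamWebApplication output.

function Get-ConnectionStringIssue {
    param([string]$Label, [string]$ConnectionString)
    $builder = New-Object System.Data.Common.DbConnectionStringBuilder
    try {
        # The builder is a dictionary, so call the setter explicitly.
        $builder.set_ConnectionString($ConnectionString)
    } catch {
        return "${Label}: cannot be parsed as a connection string"
    }
    foreach ($field in 'Integrated Security', 'Initial Catalog') {
        if (-not $builder.ContainsKey($field) -or
            [string]::IsNullOrWhiteSpace([string]$builder[$field])) {
            "${Label}: missing required field '$field'"
        }
    }
    # Assumption of this example: a stored SQL login is worth flagging.
    foreach ($field in 'Password', 'Pwd', 'User ID', 'UID') {
        if ($builder.ContainsKey($field)) { "${Label}: embeds SQL login field '$field'" }
    }
}

function Test-MbamWebAppConfig {
    param([Parameter(Mandatory)][object[]]$WebApp)
    $enabled = @($WebApp | Where-Object { $_.Enabled })
    foreach ($app in $enabled) {
        $findings = @()
        # The Agent Services output above has no CertificateThumbprint line,
        # so only test the property where the object carries it.
        $thumb = $app.PSObject.Properties['CertificateThumbprint']
        if ($thumb -and [string]::IsNullOrWhiteSpace([string]$thumb.Value)) {
            $findings += 'no certificate bound, so communications are unencrypted'
        }
        if ($app.Port -eq 80) { $findings += 'listens on port 80, the unencrypted default' }
        $findings += @(Get-ConnectionStringIssue 'ComplianceAndAuditDBConnectionString' `
            $app.ComplianceAndAuditDBConnectionString)
        $findings += @(Get-ConnectionStringIssue 'RecoveryDBConnectionString' `
            $app.RecoveryDBConnectionString)
        foreach ($finding in $findings) {
            [pscustomobject]@{ Scope = $app.Name; Finding = $finding }
        }
    }
    # Settings the reference says all web applications share.
    $shared = 'Port', 'ComplianceAndAuditDBConnectionString',
              'RecoveryDBConnectionString', 'WebServiceApplicationPoolUser'
    foreach ($prop in $shared) {
        $values = @($enabled | ForEach-Object { $_.$prop } | Sort-Object -Unique)
        if ($values.Count -gt 1) {
            [pscustomobject]@{
                Scope   = 'All web applications'
                Finding = "$prop differs: $($values -join ' | ')"
            }
        }
    }
}

# Constructed sample objects. On an MBAM server, collect the real ones with:
#   $apps = @(Get-MbamWebApplication -AdministrationPortal
#             Get-MbamWebApplication -SelfServicePortal
#             Get-MbamWebApplication -AgentService)
$compliance = 'Integrated Security=SSPI;Data Source=MyDatabaseServer;Initial Catalog="MBAM Compliance Status";'
$recovery   = 'Integrated Security=SSPI;Data Source=MyDatabaseServer;Initial Catalog="MBAM Recovery and Hardware";'
$apps = @(
    [pscustomobject]@{
        Name = 'Administration Web Portal'; Enabled = $true; Port = 443
        CertificateThumbprint = 'E2A7EA5533890D6567E40DFC46F53B3D31D6B689'
        ComplianceAndAuditDBConnectionString = $compliance
        RecoveryDBConnectionString = $recovery
        WebServiceApplicationPoolUser = 'MyDomain\MBAMWebServicesAccount'
    }
    [pscustomobject]@{
        Name = 'Self Service Web Portal'; Enabled = $true; Port = 80
        CertificateThumbprint = ''
        ComplianceAndAuditDBConnectionString = $compliance
        # Constructed fault: the Initial Catalog field is missing.
        RecoveryDBConnectionString = 'Integrated Security=SSPI;Data Source=MyDatabaseServer;'
        WebServiceApplicationPoolUser = 'MyDomain\MBAMWebServicesAccount'
    }
    [pscustomobject]@{
        Name = 'Agent Web Services'; Enabled = $true; Port = 443
        ComplianceAndAuditDBConnectionString = $compliance
        RecoveryDBConnectionString = $recovery
        WebServiceApplicationPoolUser = 'MyDomain\MBAMWebServicesAccount'
    }
)

Test-MbamWebAppConfig -WebApp $apps | Format-Table -AutoSize -Wrap
```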
Related topics
Disable-MbamWebApplication
Enable-MbamWebApplication
Test-MbamWebApplication
Test-MbamCMIntegration
Checks server prerequisites and validates parameters.
Syntax
Parameter Set: ParameterSetCMReportsOnly
Test-MbamCMIntegration -BitLockerProtectionBaselineLogicalName <String>
-FixedDataDriveConfigurationItemLogicalName <String>
-OperatingSystemDriveConfigurationItemLogicalName <String> -ReportsCollectionID <String>
-ReportsOnly [-Detailed] [-SsrsInstance <String> ] [-SsrsServer <String> ] [ <CommonParameters>]
Parameter Set: ParameterSetDefault
Test-MbamCMIntegration [-Detailed] [-SsrsInstance <String> ] [-SsrsServer <String> ] [
<CommonParameters>]
Detailed Description
The Test-MbamCMIntegration cmdlet checks the server prerequisites and validates the parameters
for the Microsoft BitLocker Administration and Monitoring (MBAM) System Center Configuration
Manager Integration feature.
Parameters
-BitLockerProtectionBaselineLogicalName<String>
Specifies the logical name of the BitLocker protection baseline.
Aliases BaselineLogicalName
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-Detailed
Indicates that the cmdlet displays detailed information about the prerequisite check and parameter
validation failures.
Aliases none
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-FixedDataDriveConfigurationItemLogicalName<String>
Specifies the logical name of the fixed data drive configuration item.
Aliases FDDLogicalName
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-OperatingSystemDriveConfigurationItemLogicalName<String>
Specifies the logical name of the operating system drive configuration item.
Aliases OSDLogicalName
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-ReportsCollectionID<String>
Specifies an existing collection ID. This ID is used by the reports to set the default collection for which
the reports display compliance data.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-ReportsOnly
Indicates that only the Configuration Manager reports are deployed.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-SsrsInstance<String>
Specifies the SQL Server Reporting Services instance. This instance hosts the Configuration Manager
reports. This parameter is ignored if the server has System Center 2012 Configuration Manager
installed.
Aliases none
Required? false
Position? named
Default Value MSSQLSERVER
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-SsrsServer<String>
Specifies the server with the SQL Server Reporting Services point role. This server hosts the
Configuration Manager reports. If you do not specify a server, the Configuration Manager reports are
deployed to the local server.
Aliases none
Required? false
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable,
-OutBuffer, and -OutVariable. For more information, see about_CommonParameters.
Outputs
The output type is the type of the objects that the cmdlet emits.
bool
Examples
Example 1: Check prerequisites to enable integration
This command tests the prerequisites for enabling the MBAM System Center Configuration Manager
Integration on the local Configuration Manager server. The MBAM reports are deployed on the default
SQL Server Reporting Services instance, MSSQLSERVER.
PS C:\> Test-MbamCMIntegration
Example 2: Check prerequisites to enable integration with detailed output
This command checks the prerequisites to enable the MBAM System Center Configuration Manager
Integration feature on the local Configuration Manager server with detailed output.
PS C:\> Test-MbamCMIntegration -Detailed
ID             Type  Message
--             ----  -------
CmInstallation Error This feature can be installed only on a server that is running System Center Configuration Manager.
Related topics
Disable-MbamCMIntegration
Enable-MbamCMIntegration
Get-MbamCMIntegration
Test-MbamDatabase
Checks server prerequisites and validates parameters for an MBAM database.
Syntax
Parameter Set: ParameterSetCompliance
Test-MbamDatabase -AccessAccount <String> -ComplianceAndAudit -ConnectionString <String>
-ReportAccount <String> [-DatabaseName <String> ] [-Detailed] [ <CommonParameters>]
Parameter Set: ParameterSetRecovery
Test-MbamDatabase -AccessAccount <String> -ConnectionString <String> -Recovery
[-DatabaseName <String> ] [-Detailed] [ <CommonParameters>]
Detailed Description
The Test-MbamDatabase cmdlet checks the server prerequisites and validates the parameters for the
Microsoft BitLocker Administration and Monitoring (MBAM) database feature.
Parameters
-AccessAccount<String>
Specifies a domain user or group. This domain user or group must have read/write permission to this
database, which enables web applications to access the data and reports. If the value is a domain user,
the WebServiceApplicationPoolCredential parameter in the Enable-MbamWebApplication cmdlet
must use the same user account. If the value is a group, the domain account used by the
WebServiceApplicationPoolCredential parameter must be a member of this group.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-ComplianceAndAudit
Indicates that the cmdlet checks the server prerequisites and validates the parameter values for the
Compliance and Audit Database.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-ConnectionString<String>
Specifies the connection string used to connect to the data store. The Integrated Security field must be
in the connection string.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-DatabaseName<String>
Specifies the name of the database. This parameter cannot contain leading or trailing spaces or
non-printable characters. If you do not specify a name, the Compliance and Audit Database is given the
name MBAM Compliance Status, and the Recovery Database is given the name MBAM Recovery and
Hardware.
Aliases none
Required? false
Position? named
Default Value "MBAM Compliance Status" for Compliance DB; "MBAM Recovery and Hardware" for Recovery DB
Accept Pipeline Input? false
Accept Wildcard Characters? false
-Detailed
Indicates that the cmdlet displays detailed information about the prerequisite check and parameter
validation failures.
Aliases none
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-Recovery
Indicates that the cmdlet checks the server prerequisites and validates the parameter values for the
Recovery Database.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-ReportAccount<String>
Specifies a domain user or group. This domain user or group must have read-only permission to this
database, which enables reports to access the compliance and audit data. If the value is a domain user,
then the Compliance and Audit Database domain account of the report feature must be the same as the
user. If the value is a group, then the Compliance and Audit Database domain account of the report
feature must be a member of this group.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable,
-OutBuffer, and -OutVariable. For more information, see about_CommonParameters.
Outputs
The output type is the type of the objects that the cmdlet emits.
bool
Examples
Example 1: Check prerequisites and validate parameters for the Compliance and Audit Database
This command checks the prerequisites and validates the parameters to enable the Compliance and
Audit Database on MyDatabaseServer. The name of the database is MyComplianceDatabaseName.
The domain account MyAccessAccount has read/write permission to the database, and
MyReportAccount has read-only permission to the database for reporting purposes. The command
uses the current Windows account credentials for authentication.
PS C:\> Test-MbamDatabase -ComplianceAndAudit `
    -ConnectionString "Integrated Security=SSPI;Data Source=MyDatabaseServer" `
    -AccessAccount "MyDomain\MyAccessAccount" `
    -ReportAccount "MyDomain\MyReportAccount" `
    -DatabaseName MyComplianceDatabaseName
Example 2: Check prerequisites and validate parameters for the Recovery Database
This command checks the prerequisites and validates the parameters to enable the Recovery
Database on MyRecoveryDatabaseServer. The name of the database is MyRecoveryDatabaseName.
The domain account MyAccessAccount has read/write permission to the database. The command uses
the current Windows account credentials for authentication.
PS C:\> Test-MbamDatabase -Recovery `
    -ConnectionString "Integrated Security=SSPI;Data Source=MyDatabaseServer" `
    -AccessAccount "MyDomain\MyAccessAccount" `
    -DatabaseName "MyRecoveryDatabaseName"
Example 3: Check prerequisites and validate parameters with detailed output
This command checks the prerequisites and validates the parameters to enable the Compliance and
Audit Database on MyDatabaseServer with detailed output.
PS C:\> Test-MbamDatabase -ComplianceAndAudit `
    -ConnectionString "Integrated Security=SSPI;Data Source=MyDatabaseServer" `
    -AccessAccount "MyDomain\MyAccessAccount" `
    -ReportAccount "MyDomain\MyReportAccount" `
    -DatabaseName "MyComplianceDatabaseName" -Detailed
ID                              Type  Message
--                              ----  -------
ComplianceConnectionString      Error Cannot connect to the database with the provided connection string.
ComplianceDatabaseAccessAccount Error The user or group 'MyDomain\MyAccessAccount' cannot be found in Active Directory.
Related topics
Enable-MbamDatabase
Enable-MbamWebApplication
Test-MbamReport
Checks server prerequisites and validates parameter values for the Reports feature.
Syntax
Parameter Set: Default
Test-MbamReport -ComplianceAndAuditDBCredential <PSCredential> -ReportsReadOnlyAccessGroup
<String> [-ComplianceAndAuditDBConnectionString <String> ] [-Detailed] [-SsrsInstance
<String> ] [ <CommonParameters>]
Detailed Description
The Test-MbamReport cmdlet checks server prerequisites and validates parameter values for the
Microsoft BitLocker Administration and Monitoring (MBAM) Reports feature.
Parameters
-ComplianceAndAuditDBConnectionString<String>
Specifies a connection string. The local Microsoft SQL Server Reporting Services uses the string that
this parameter specifies to connect to the Compliance and Audit Database feature. The connection
string must contain values for the Integrated Security and Initial Catalog fields.
Aliases ComplianceDB
Required? false
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-ComplianceAndAuditDBCredential<PSCredential>
Specifies the domain account credentials that the local SQL Server Reporting Services instance uses to
connect to the Compliance and Audit Database. The domain user in the credentials must be the same
as or a member of the report account of the Compliance and Audit Database.
Important: For improved security, use an account that has limited privileges. Also, configure the account
so that the password never expires.
Aliases ComplianceDBCred
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByValue, ByPropertyName)
Accept Wildcard Characters? false
-Detailed
Indicates that the cmdlet displays detailed information about the prerequisite check and parameter
validation failures.
Aliases none
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-ReportsReadOnlyAccessGroup<String>
Specifies a domain user group. Specify a group that has read permissions for the reports.
Aliases ReportsGroup
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-SsrsInstance<String>
Specifies the SQL Server Reporting Services instance. After installation, this instance hosts the reports.
If you do not specify an instance, the cmdlet uses the default instance, MSSQLSERVER.
Aliases none
Required? false
Position? named
Default Value MSSQLSERVER
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable,
-OutBuffer, and -OutVariable. For more information, see about_CommonParameters.
Outputs
The output type is the type of the objects that the cmdlet emits.
bool
Examples
Example 1: Check prerequisites and validate parameters for the Reports feature
This command checks the prerequisites and validates the parameters for the Reports feature on the
local server. The connection string specifies that ContosoDatabaseServer hosts the Compliance and
Audit Database. The cmdlet prompts you to enter credentials for the Compliance and Audit Database.
The reports group is ContosoDomain\ReportsGroup.
PS C:\> Test-MbamReport `
    -ComplianceAndAuditDBConnectionString "Data Source=MyDatabaseServer;Initial Catalog=MBAM Compliance Status;Integrated Security=True" `
    -ReportsReadOnlyAccessGroup "MyDomain\MyReportsGroup"
True
Example 2: View details about prerequisites and validation for the Reports feature
This command displays detailed information about prerequisites and validation of parameters for the
Reports feature. This command specifies the Detailed parameter.
PS C:\> Test-MbamReport `
    -ComplianceAndAuditDBConnectionString "Data Source=MyDatabaseServer;Initial Catalog=MBAM Compliance Status;Integrated Security=True" `
    -ReportsReadOnlyAccessGroup "MyDomain\MyReportsGroup" `
    -Detailed
ID                   Type   Message
--                   ----   -------
ReportsInstallation  Error  Unable to connect to the Reporting Services web service. Error message: The request failed with HTTP status 504: Proxy Timeout (The connection timed out.).
False
Related topics
Disable-MbamReport
Enable-MbamReport
Get-MbamReport
Test-MbamWebApplication
Test-MbamWebApplication
Checks server prerequisites and validates parameter values for a web application feature.
Syntax
Parameter Set: ParameterSetAdministrationPortal
Test-MbamWebApplication -AdministrationPortal -AdvancedHelpdeskAccessGroup <String>
-HelpdeskAccessGroup <String> -ReportsReadOnlyAccessGroup <String> -ReportUrl <Uri>
[-Certificate <X509Certificate2> ] [-CMIntegrationMode] [-ComplianceAndAuditDBConnectionString
<String> ] [-Detailed] [-HostName <String> ] [-InstallationPath <String> ] [-Port <Int32> ]
[-RecoveryDBConnectionString <String> ] [-VirtualDirectory <String> ]
[-WebServiceApplicationPoolCredential <PSCredential> ] [ <CommonParameters>]
Parameter Set: ParameterSetAgentService
Test-MbamWebApplication -AgentService [-Certificate <X509Certificate2> ]
[-CMIntegrationMode] [-ComplianceAndAuditDBConnectionString <String> ] [-Detailed] [-HostName
<String> ] [-InstallationPath <String> ] [-Port <Int32> ] [-RecoveryDBConnectionString
<String> ] [-WebServiceApplicationPoolCredential <PSCredential> ] [ <CommonParameters>]
Parameter Set: ParameterSetSelfServicePortal
Test-MbamWebApplication -SelfServicePortal [-Certificate <X509Certificate2> ]
[-ComplianceAndAuditDBConnectionString <String> ] [-Detailed] [-HostName <String> ]
[-InstallationPath <String> ] [-Port <Int32> ] [-RecoveryDBConnectionString <String> ]
[-VirtualDirectory <String> ] [-WebServiceApplicationPoolCredential <PSCredential> ]
[ <CommonParameters>]
Detailed Description
The Test-MbamWebApplication cmdlet checks server prerequisites and validates parameter values
for a Microsoft BitLocker Administration and Monitoring (MBAM) web application feature. The cmdlet
validates the current computer for one of the following web applications:
-- Administration and Monitoring Website
-- Agent Services
-- Self-Service Portal
Parameters
-AdministrationPortal
Indicates that this cmdlet acts on the Administration and Monitoring Website web application.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-AdvancedHelpdeskAccessGroup<String>
Specifies a domain user group. This group has permissions for all areas of the Administration and
Monitoring Website web application, except for reports.
Aliases AdvancedHelpdeskGroup
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-AgentService
Indicates that this cmdlet acts on the Agent Services web application.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-Certificate<X509Certificate2>
Specifies the certificate to use for encrypted web communications. If you do not specify a certificate,
web communications are not encrypted.
Aliases none
Required? false
Position? named
Default Value none
Accept Pipeline Input? True (ByValue, ByPropertyName)
Accept Wildcard Characters? false
-CMIntegrationMode
Indicates that all reports, except the Recovery Audit Report, are integrated into Microsoft System
Center Configuration Manager. If you enable the System Center Configuration Manager Integration
feature, specify this parameter.
Aliases CMMode
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-ComplianceAndAuditDBConnectionString<String>
Specifies a connection string. The web application uses the string that this parameter specifies to
connect to the Compliance and Audit Database feature. The connection string must contain values for
the Integrated Security and Initial Catalog fields.
All of the web applications connect to the Compliance and Audit Database by using the same
connection string.
Aliases ComplianceDB
Required? false
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-Detailed
Indicates that the cmdlet displays detailed information about the prerequisite check and parameter
validation failures.
Aliases none
Required? false
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-HelpdeskAccessGroup<String>
Specifies the domain user group that has permissions for the Manage TPM and Drive Recovery areas
of the Administration and Monitoring Website web application.
Aliases HelpdeskGroup
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-HostName<String>
Specifies a host name. If you do not specify a host name, the cmdlet uses the fully qualified host name
of the local computer. Ensure that you specify the same host name for all of the web applications.
Aliases none
Required? false
Position? named
Default Value <fully qualified local machine name>
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-InstallationPath<String>
Specifies the installation path of the web application. The installation process creates a folder named
Microsoft BitLocker Management Solution in the location that this parameter specifies. If you do not
specify a path, the cmdlet uses <IIS inetpub path>. Specify the same installation path for all of the web
applications.
Aliases none
Required? false
Position? named
Default Value <IIS inetpub path>\Microsoft BitLocker Management Solution
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-Port<Int32>
Specifies the web service port. If you do not specify a port, unencrypted communications use port 80,
and encrypted communications use port 443. Specify the same value for all of the web applications.
You must configure your firewall to allow communication through the ports for the Self-Service Portal
and the Administration and Monitoring Website web applications.
Aliases none
Required? false
Position? named
Default Value 80 if certificate is not specified, 443 otherwise
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-RecoveryDBConnectionString<String>
Specifies a connection string. The web application uses the string that this parameter specifies to
connect to the Recovery Database. The connection string must contain values for the Integrated
Security and Initial Catalog fields. Ensure that all of the web applications connect to the Recovery
Database by using the same connection string.
Aliases RecoveryDB
Required? false
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-ReportsReadOnlyAccessGroup<String>
Specifies a domain user group. Specify a group that has read permissions for the Reports area of the
Administration and Monitoring Website web application.
Aliases ReportsGroup
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-ReportUrl<Uri>
Specifies the URL for the reports that the Microsoft SQL Server Reporting Services instance publishes.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
-SelfServicePortal
Indicates that this cmdlet acts on the Self-Service Portal web application.
Aliases none
Required? true
Position? named
Default Value none
Accept Pipeline Input? false
Accept Wildcard Characters? false
-VirtualDirectory<String>
Specifies a virtual directory for the web application. If you do not specify a virtual directory, the cmdlet
uses the value HelpDesk for Administration and Monitoring Website, or it uses the value SelfService for
Self-Service Portal.
Aliases none
Required? false
Position? named
Default Value "HelpDesk" for AdministrationPortal feature; "SelfService" for SelfServicePortal
Accept Pipeline Input? false
Accept Wildcard Characters? false
-WebServiceApplicationPoolCredential<PSCredential>
Specifies the domain user that the application pool for the web applications uses.
If you do not specify this parameter, the cmdlet uses the credentials that you previously specified for
any enabled web application. All of the web applications use the same application pool credentials. If
you specify credentials for web applications more than once, web applications use the most recent
value.
Important: For improved security, use an account that has limited user rights. Also, configure the
account so that the password never expires.
Aliases AppPoolCred
Required? false
Position? named
Default Value NetworkService
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable,
-OutBuffer, and -OutVariable. For more information, see about_CommonParameters.
Outputs
The output type is the type of the objects that the cmdlet emits.
bool
Examples
Example 1: Check prerequisites and validate parameters for Administration and Monitoring Website
This command checks the prerequisites and validates parameter values for enabling the Administration
and Monitoring Website web application on the current server. The command tests a configuration of
the website that uses the Compliance and Audit Database and the Recovery Database hosted on
ContosoDatabaseServer and the reports hosted on ContosoReportServer.
PS C:\> Test-MbamWebApplication -AdministrationPortal `
    -ComplianceAndAuditDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Compliance Status" `
    -RecoveryDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Recovery and Hardware" `
    -AdvancedHelpdeskAccessGroup "Contoso\AdvancedUserGroup" `
    -HelpdeskAccessGroup "Contoso\StandardUserGroup" `
    -ReportsReadOnlyAccessGroup "Contoso\ReportUserGroup" `
    -ReportUrl "https://ContosoReportServer/ReportServer" `
    -Port 443 `
    -WebServiceApplicationPoolCredential (Get-Credential) `
    -Certificate (dir cert:\LocalMachine\My\E2A7EA5533890D6567E40DFC46F53B3D31D6B689)
True
Example 2: Check prerequisites and validate parameters for Self-Service Portal
This command checks the prerequisites and validates parameter values for enabling the Self-Service
Portal web application on this server. The command checks a configuration of the portal that uses the
Compliance and Audit Database and the Recovery Database hosted on ContosoDatabaseServer.
PS C:\> Test-MbamWebApplication -SelfServicePortal `
    -ComplianceAndAuditDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Compliance Status" `
    -RecoveryDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Recovery and Hardware" `
    -Port 443 `
    -WebServiceApplicationPoolCredential (Get-Credential) `
    -Certificate (dir cert:\LocalMachine\My\E2A7EA5533890D6567E40DFC46F53B3D31D6B689)
True
Example 3: Check prerequisites and validate parameters for Agent Services
This command checks the prerequisites and validates parameter values for enabling the Agent
Services feature on the current server. The command verifies a configuration of services that uses the
Compliance and Audit Database and the Recovery Database hosted on ContosoDatabaseServer.
PS C:\> Test-MbamWebApplication -AgentService `
    -ComplianceAndAuditDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Compliance Status" `
    -RecoveryDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Recovery and Hardware" `
    -Port 443 `
    -WebServiceApplicationPoolCredential (Get-Credential) `
    -Certificate (dir cert:\LocalMachine\My\E2A7EA5533890D6567E40DFC46F53B3D31D6B689)
True
Example 4: View detailed information
This command checks the prerequisites and validates parameter values for enabling the Administration
and Monitoring Website on this server. Because the command specifies the Detailed parameter, it
displays detailed information.
PS C:\> Test-MbamWebApplication -AdministrationPortal `
    -ComplianceAndAuditDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Compliance Status" `
    -RecoveryDBConnectionString "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Recovery and Hardware" `
    -AdvancedHelpdeskAccessGroup "Contoso\AdvancedUserGroup" `
    -HelpdeskAccessGroup "Contoso\StandardUserGroup" `
    -ReportsReadOnlyAccessGroup "Contoso\ReportUserGroup" `
    -ReportUrl "https://ContosoReportServer/ReportServer" `
    -Port 443 `
    -WebServiceApplicationPoolCredential (Get-Credential) `
    -Certificate (dir cert:\LocalMachine\My\E2A7EA5533890D6567E40DFC46F53B3D31D6B689) `
    -Detailed
Type     Message
----     -------
Error    Parameter "ComplianceAndAuditDBConnectionString" using value "Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Compliance Status" is
         ...
Warning  The application pool credential has a password that is set to expire.
Warning  The application pool credential has administrator rights.
Warning  Server communications have been configured without a certificate, which is not a secure configuration.
False
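The requirement stated for -ComplianceAndAuditDBConnectionString (Test-MbamReport and Test-MbamWebApplication) and -RecoveryDBConnectionString, that the string must contain values for the Integrated Security and Initial Catalog fields, can be checked locally before the cmdlet is run. The following is an added example and is not part of the Microsoft reference: Test-MbamConnectionString is a hypothetical helper name, the connection strings are the sample values from the examples above, and the password check is an added hygiene rule, not an MBAM requirement.

```powershell
# Added example, not from the MBAM documentation.
# Test-MbamConnectionString is a hypothetical helper, not an MBAM cmdlet.
Add-Type -AssemblyName System.Data

function Test-MbamConnectionString {
    param(
        [Parameter(Mandatory = $true)][string]$Name,   # MBAM parameter the string is meant for
        [Parameter(Mandatory = $true)][string]$Value   # the connection string itself
    )
    try {
        # The builder normalizes keyword synonyms (Database -> Initial Catalog,
        # Trusted_Connection -> Integrated Security) and throws on unknown keywords.
        $b = New-Object System.Data.SqlClient.SqlConnectionStringBuilder -ArgumentList $Value
    } catch {
        return "${Name}: cannot be parsed as a SQL Server connection string."
    }
    if (-not $b.IntegratedSecurity) {
        "${Name}: Integrated Security is missing or false."
    }
    if ([string]::IsNullOrWhiteSpace($b.InitialCatalog)) {
        "${Name}: Initial Catalog is missing."
    }
    if ($b.Password) {
        # Added rule (assumption, not an MBAM requirement): a password typed into a
        # parameter value ends up in console history and transcripts.
        "${Name}: contains a password; remove it and rely on integrated security."
    }
}

# Sample values taken from the examples on this page.
$web = @{
    ComplianceAndAuditDBConnectionString = 'Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Compliance Status'
    RecoveryDBConnectionString           = 'Integrated Security=SSPI;Data Source=ContosoDatabaseServer;Initial Catalog=MBAM Recovery and Hardware'
}

# Collect every problem from both strings before deciding whether to continue.
$problems = @(foreach ($key in $web.Keys) {
    Test-MbamConnectionString -Name $key -Value $web[$key]
})

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    # Both strings meet the documented requirement; run the real prerequisite check.
    Test-MbamWebApplication -SelfServicePortal @web -Detailed
}
```

Because every web application must use the same two connection strings, keeping them in one hashtable and splatting it into each Test-MbamWebApplication call avoids drift between the Administration and Monitoring Website, Agent Services, and Self-Service Portal checks.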
Related topics
Disable-MbamWebApplication
Enable-MbamWebApplication
Get-MbamWebApplication