Tutorial – Microsoft BitLocker Administration (MBAM) 1.0 – Installation and Configuration

I needed to install a test enviroment for Microsoft BitLocker Administration (MBAM) 1.0, to test an upgrade to 2.5 SP1.

Here is a short guide how to install and configure Microsoft BitLocker Administration (MBAM) 1.0.


  • Windows Server 2008 R2
  • Microsoft SQL Server 2008 R2 (with SP2)
  • Microsoft SQL Server Reporting Services 2008 R2 (with SP2)
  • Desktop Optimization Pack 2015 (MDOP)


First of all, we need to install the .NET 3.5.1 Framework, this can be done by running the following in a PowerShell shell

Next you will need to install the prerequisites for MBAM.

      • Roles
        • Web Server (IIS)
          • Common HTTP Features
            • Static Content
            • Default Document
          • Application Development
            • ASP.NET
            • .NET Extensibility
            • ISAPI Extensions
            • ISAPI Filters
          • Security
            • Windows Authentication
            • Request Filtering
      •  Features
        • Microsoft .NET Framework 3.5.1
          • WCF Activation
            • HTTP Activation
            • Non-HTTP Activation
          • Windows Process Activation Service
            • Process Model
            • .NET Environment
            • Configuration API

Run the following PowerShell command to install all of above.

Now we need to install the SQL services on the machine. Mount the Microsoft SQL Server 2008 R2 media, and run the following.
I have the following disk layout for almost all my database servers.

  • Drive:\ – (Mount Point)
  • Drive:\MSSQL\SystemDB – (SQL Data Directory)
  • Drive:\MSSQL\TempDB – (SQL Temp DB)
  • Drive:\MSSQL\TempDB\Data – (SQL Temp DB – Data)
  • Drive:\MSSQL\TempDB\Log – (SQL Temp DB – Log)
  • Drive:\MSSQL\Data – (User databases – Data)
  • Drive:\MSSQL\Log – (User databases – Log)

I’m also using 3 different service accounts for SQL Engine, SQL Agent and SQL Reporting Service.

Now run the following in a cmd.exe, change it to your needs.

After the SQL Server installation, please update to the latest service pack (which is SP3), you can use the following command in a cmd.exe terminal.


Now change the SQL TCP port to 1433, here’s a script (PowerShell) that can do it for you.

Now we need to configure the Reporting Service.

  1. Open “Reporting Services Configuration Manager” default located at “C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\RSConfigTool.exe“.
  2. Connect to your reporting instance, click “Connect“.
  3. Creating new report databases:
    1. Navigate to “Database” and click on “Change database“.
    2. Mark “Create a new report server database.”, and click “Next“.
    3. Choose the database server instance, click “Next“.
    4. Choose “Native Mode” and maybe change your database name to “MBAM_ReportServer“, click “Next“.
    5. Click “Next” until you finish the wizard.
  4. Setup Web Service URL:
    1. Navigate to “Web Service URL” and change your virtual directory name to “ReportServer“. Click “Apply“.
  5. Setup Report Manager URL:
    1. Navigate to “Report Manager URL“, and change your virtual directory name to “Reports“. Click “Apply“.

Before we can run the MBAM installer, we need to set a master key encryption on the database server.

  1. Open “SSMS.exe“, and connect to the SQL Server instance.
  2. Execute the following statement against the master database.

We are now able to install the MBAM service, you can get the MDOP that contains the MBAM setup files with your MSDN or VLSC account.

  1. Run the “MbamSetup.exe” (64-bit).
  2. Click on “Start“.
  3. Accept the terms and conditions, click “Next”.
  4. If the prequirements test succeed, choose if you want encryption in your installation. Choose the certificate and click “Next“.
    1. If you choose encryption, make sure that your SQL Engine service account is able to read the certificate.
    2. run “MMC.exe” -> “File” -> Choose “Add/Remove Snap-in” -> Add “Certificates” -> Choose “Computer Account” -> Click “Next” and “Finish” -> “OK“.
    3. Navigate to “Certificates” -> “Personal” -> “Certificates” -> Right click on the certificate -> “All Tasks” then “Manage Private Keys” -> Add your SQL Engine account with “Full Control“.
  5. Verify the database configuration page, and click “Next“.
  6. Choose your service account (remember to make it sysadmin on the database) that needs to run the web application pool.
  7. Configure the TCP IP port binding, host name and installation path for the web application. Click “Next“.
  8. Go through the wizard until the installation is completed.


Experienced advanced operations engineer with a demonstrated history of working in the information technology and services industry. Skilled in Windows Server, Azure, Ethical Hacking, Office 365, Exchange, Jenkins, SCCM, Octopus Deploy and PowerShell to name a few. Strong engineering professional with a big passion for knowledge.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.