Helpdesk Website

The Helpdesk portal is used by admins to help users unlock their drives when they have been locked due to changes to the BIOS or TPM.

The Helpdesk portal is https://mbam.oit.ncsu.edu/helpdesk

Users will log in with their .admin accounts. The Helpdesk portal will allow admins to view reports, recover drives, and manage TPMs.

Reports

When viewing reports, admins will have to log in a second time because the reports are hosted on another server that they will need to be authenticated to.

The three reports admins will have access to are Enterprise Compliance Report, Computer Compliance Report, and Audit and Recovery.

Enterprise Compliance gives an overview of all machines that have ever talked to the MBAM servers.

The pie graph gives you a quick view of overall compliance. All machines are listed below and more detailed information can be viewed by clicking on a computer name.

If you want detailed information about a specific computer, use the Computer Compliance report. Enter the name of the computer you want more information on.

In this example you can see the drives that are encrypted and how they are encrypted.

Drive Recovery

Most users needing help will need the Recovery Password because of changes to the BIOS. Recovery Passwords can be obtained from the Drive Recovery page.

There are four pieces of required information that must be entered to retrieve the Recovery Password.

User Domain – This will always be wolftech.ad.ncsu.edu

User ID – the end user's UnityID. A user can only recover a drive through the Self Service portal, or have an admin retrieve a Recovery Password for them, if the end user has previously logged into the computer having issues. This prevents users from gaining access to data they are not authorized to have.

Key ID – when there is a BitLocker event, the end user is presented with a BitLocker recovery screen.

The Key ID is the Password ID on the recovery screen. The Helpdesk portal only needs the first 8 characters to recover the drive.

Reason for Drive Unlock – This is a drop-down list. This information is what is put into the Recovery Audit Report. While the reason selected should be as accurate as possible, the listed reason will not change the recovery process.

If all of the information is input correctly the Drive Recovery Key will be displayed.

The 48-digit key will need to be typed in by the end user. If the key is correct, Windows will boot normally.

If the user or admin is able to verify that there were changes made to the BIOS and those changes are correct, the changes will need to be “committed” to BitLocker so the end user will not be presented with the BitLocker recovery screen on the next reboot.

This is done by going to the Control Panel -> System and Security -> BitLocker Drive Encryption.

Under Operating system drive, select “Suspend protection”.

Administrator credentials will be needed. Then select “Resume protection”.

A reboot is not necessary, but a reboot will confirm the changes were applied and the end user will not continue to have problems.
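
The same suspend-and-resume step can be run from an elevated PowerShell session with the built-in BitLocker cmdlets. This is an added example, not part of the original page; it assumes the operating system drive is the affected volume and that the BIOS changes have already been verified as correct.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of "Suspend protection" then "Resume protection".
# Assumption: the operating system drive is the volume that showed the recovery screen.
$MountPoint = $env:SystemDrive

$before = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

# Only act on a fully encrypted volume; anything else needs a closer look first.
if ($before.VolumeStatus -ne 'FullyEncrypted') {
    throw "Volume $MountPoint is $($before.VolumeStatus); protection was not changed."
}

try {
    # -RebootCount 0 keeps protection suspended until it is explicitly resumed,
    # so the state does not depend on whether the machine restarts in between.
    Suspend-BitLocker -MountPoint $MountPoint -RebootCount 0 -ErrorAction Stop | Out-Null
}
finally {
    # Always attempt to resume so the drive is never left unprotected,
    # even if the suspend call reported an error.
    Resume-BitLocker -MountPoint $MountPoint -ErrorAction Stop | Out-Null
}

# Confirm that protection is back on before handing the machine back to the user.
$after = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
if ($after.ProtectionStatus -ne 'On') {
    throw "Protection on $MountPoint is $($after.ProtectionStatus); resume it manually."
}

$after | Select-Object MountPoint, VolumeStatus, ProtectionStatus
```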

Manage TPM

The last tab, Manage TPM, is used when the TPM is locked out. A TPM lockout can occur if an end user enters the incorrect PIN too many times. The number of times an incorrect PIN can be entered varies by TPM manufacturer.

Computer Domain – will always be wolftech.ad.ncsu.edu

Computer Name – the NETBIOS name of the computer

User Domain – will always be wolftech.ad.ncsu.edu

User ID – the user's UnityID

Reason for requesting TPM Owner Password File – this is a drop-down list. The selection will be recorded in the Recovery Audit Report and should be as accurate as possible, but it will not change the recovery process.

Save the TPM password file. If the end user is an administrator on their machine, they can use the password reset file to reset the TPM. If they are not, someone with administrative access to the machine will need to help.

To use the TPM password reset file, go to the Control Panel -> System and Security -> BitLocker Drive Encryption. In the lower left-hand corner, look for TPM Administration.

In the right-hand panel, select Reset TPM Lockout.

Select “I have the owner password file”.

Browse to the location of the password reset file and click Reset TPM Lockout.

Do not leave the password reset file on the end user's computer, and do not give the end user the reset password, as this poses a security risk.