MBAM Beta 2.0 Self Service Portal – This site requires JavaScript to be enabled

It is quite commonplace to be testing bitlocker solutions outside of the corporate environment and I would also imagine that there are numerous institutions that are likely to implement bitlocker that either disallow outright or have stringent control over internet access for client systems.  So it came as a surprise to find that the MBAM 2.0 Self Service Portal (SSP) refuses to work unless the system has internet connectivity.

“This site requires JavaScript to be enabled. How to enable scripting in your browser

The problem here is that the includes within the page code specify sources that are available on a remote Content Delivery Network (CDN) and there is no fallback for locally hosted versions of these files.

  <head>
  <!--         
  -- Third party scripts or code, linked to or referenced from this web site, are licensed to you by the third         
  -- parties that own such code, not by Microsoft, see ASP.NET Ajax CDN Terms of Use         
  -– http://www.asp.net/ajaxlibrary/CDN.ashx.         
  -->         
  <title>     
    MBAM SSP Notice 
  </title>   

  <link rel="stylesheet" href="/SelfService/Content/site.css" type="text/css"/>         
  <script src="//ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.2.min.js" type="text/javascript"></script>          
  <script src="//ajax.aspnetcdn.com/ajax/3.5/MicrosoftAjax.js" type="text/javascript"></script>          
  <script src="//ajax.aspnetcdn.com/ajax/mvc/2.0/MicrosoftMvcAjax.js" type="text/javascript"></script>         
  <script src="//ajax.aspnetcdn.com/ajax/mvc/2.0/MicrosoftMvcValidation.js" type="text/javascript"></script>         
  <script src="/SelfService/Scripts/SelfServiceWebsite.js" type="text/javascript"></script>          

  <link rel="stylesheet" href="/SelfService/Content/Home/custom.css" type="text/css"/>

  </head>

I’m no web developer, so I had a real quick attempt to remedy this by downloading the referenced .js files and throwing them in the local scripts directory alongside the SelfServiceWebsite.js – alas I couldn’t find where to modify the include to alter the scriptsrc paths.  If anyone find out how to do this, please do let me know.

In the meantime, I can only hope that Microsoft improve the code before final release to include fallback to included local versions of these files.

Andy

Advertisements

MBAM Beta 2.0 & ConfigMgr 2012 SP1: Empty MBAM Supported Computers Collection

I deployed MBAM Beta 2.0 into my lab environment tonight but was struggling to see any compliance information for my MBAM encrypted systems.  The collection which is targeted by the Compliance Baseline was empty – despite the changes made to the configuration.mof and the import of the sms_def.mof classes – and the subsequent fully populated hardware inventory classes with data showing in the resource explorer.  So what gives?

Well, it looks to me like the default collection logic and parentheses might be a little mixed up – resulting in no clients meeting the criteria.  Here’s the default membership rule:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_OPERATING_SYSTEM_EXT on SMS_G_System_OPERATING_SYSTEM_EXT.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_TPM on SMS_G_System_TPM.ResourceID = SMS_R_System.ResourceId where ((SMS_G_System_OPERATING_SYSTEM.Version like "6.1.%" and SMS_G_System_OPERATING_SYSTEM_EXT.SKU in (1,4,27,28,70,71) and SMS_G_System_TPM.SpecVersion >= "1.2") or SMS_G_System_OPERATING_SYSTEM.Version like "6.2.%") and SMS_G_System_COMPUTER_SYSTEM.DomainRole = 1 and SMS_G_System_COMPUTER_SYSTEM.Model not in ("Virtual Machine")

Here’s my modified membership rule that now includes my MBAM clients and non-MBAM clients that have returned HW inventory:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_OPERATING_SYSTEM_EXT on SMS_G_System_OPERATING_SYSTEM_EXT.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_TPM on SMS_G_System_TPM.ResourceID = SMS_R_System.ResourceId where (SMS_G_System_OPERATING_SYSTEM.Version like "6.1.%" or SMS_G_System_OPERATING_SYSTEM.Version like "6.2.%") and SMS_G_System_OPERATING_SYSTEM_EXT.SKU in (1,4,27,28,70,71) and SMS_G_System_COMPUTER_SYSTEM.DomainRole = 1 and SMS_G_System_COMPUTER_SYSTEM.Model not in ("Virtual Machine") and  SMS_G_System_TPM.SpecVersion >= "1.2"

It’s late, maybe I don’t fully understand the default membership rule, but all I know is that my collection now contains the systems it should, and only the systems it should.

Andy