Managing BitLocker with Configuration Manager: Reporting

April 28, 2020

This guide is broken into five parts:

  1. Preparation Part 1 – Get your Certificate
  2. Preparation Part 2 – Configure IIS and SQL
  3. Deployment
  4. Administration
  5. Reporting


In one of my moments of quiet reflection (read: cruising down the backroads in the Mustang) I found myself asking why we rarely hear about using HTTPS for SSRS. Some of the data in the CM database could be sensitive. As an example, I know some organizations consider pairing an IP address with a hostname, or a device with its vulnerabilities, to be sensitive. Would BitLocker status be in that category? I would say it is possible that a bad actor could try to find an unencrypted device to target for theft, but it just doesn’t seem feasible. In the greater SSRS sense, if a bad actor were able to capture several reports there, it is reasonable to think they could glean some sensitive data. With that in mind, I had you prepare for the HTTPS scenario back in Preparation Part 1.

NOTE: You can also find the HTTPS instructions as a standalone post.

Setting SSRS/PBIRS to Native Mode:

Open the Report Server Configuration Manager and connect to SSRS/PBIRS, then click to the Web Service URL tab.


In the drop-down for HTTPS certificate, choose the certificate issued earlier.

NOTE: If you forgot to enter the Common Name, this is where the issue will haunt you as the certificate will not be an option in the drop down.

Click Apply

Watch the settings get applied. You may see a certificate reservation error, but it will succeed on the retry.

When the process is complete, you will likely get a popup error that can be ignored and dismissed.

Click to the Web Portal URL tab

Click the Advanced button and a new popup will open

Add two HTTPS identities, one for all IPv4 and one for all IPv6

Click Okay and the changes will apply. You will now see the additional URL listed.

You can now test the SSRS/PBIRS portal in HTTPS and it should load with no errors.
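To go one step past loading the portal in a browser, the following added example (not part of the original post) checks from a client that the certificate the server presents is trusted, matches the host name, and is not close to expiry, then requests the portal over HTTPS. The host name `ssrs.example.test` is a placeholder, and port 443 and the `/Reports` path are assumed to be the defaults.

```powershell
# Added example. Assumptions: 'ssrs.example.test' is a placeholder for your report
# server FQDN; 443 and /Reports are the default HTTPS port and web portal path.
$ReportHost = 'ssrs.example.test'
$PortalUrl  = "https://$ReportHost/Reports"

function Test-ReportServerTls {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)

    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($HostName, $Port)
        # No custom validation callback is supplied, so the default chain and
        # host name checks run. A completed handshake means the certificate is
        # trusted by this client and matches $HostName.
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            Trusted    = $true
            Protocol   = $ssl.SslProtocol
            Subject    = $cert.Subject
            CommonName = $cert.GetNameInfo('SimpleName', $false)
            NotAfter   = $cert.NotAfter
            DaysLeft   = [int]($cert.NotAfter - (Get-Date)).TotalDays
            Thumbprint = $cert.Thumbprint
            Error      = $null
        }
    }
    catch {
        # Connection refused, untrusted chain, expired certificate or name mismatch.
        [pscustomobject]@{ Trusted = $false; Error = $_.Exception.GetBaseException().Message }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

$tls = Test-ReportServerTls -HostName $ReportHost
$tls | Format-List

if ($tls.Trusted) {
    # Request the portal as the signed-in user; a 200 means it loads over HTTPS.
    $resp = Invoke-WebRequest -Uri $PortalUrl -UseDefaultCredentials -UseBasicParsing
    '{0} -> HTTP {1}' -f $PortalUrl, [int]$resp.StatusCode
}
else {
    Write-Warning "HTTPS check failed for ${ReportHost}: $($tls.Error)"
}
```

Run it from a workstation rather than the report server itself, so the result reflects what your report users' machines trust.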

BitLocker Management Reports:

In the Administration portion of this series, we left off not being able to get the auditing report to load in the HelpDesk Portal and we were heading over to SSRS to find the report there.

I went to the BitLocker Management folder on my reporting point and sure enough, no auditing report. I noticed there were hidden folders, so I thought let’s show hidden items and see what we have.


Now I could see folders for various languages.

I went into the en-us folder and there was the auditing report.

I moved the report out to the main BitLocker Management folder, then clicked manage on it to remove the hidden flag.

I then went back to the BitLocker Management folder and re-hid the folders. That left me with just the five reports visible. I clicked on the audit report and it worked like a champ.

I went through the reports and they were all working, although there is not much interesting information in a small lab. The reports, like so many SSRS reports, look a bit aged by today’s standards. That said, they work.

I hope this series was useful for you.