configuration.mof ファイルの編集
クライアント コンピューターが Microsoft BitLocker 管理および監視 (MBAM) Configuration Manager レポートを使用して BitLocker コンプライアンスの詳細を報告できるようにするには、System Center 2012 Configuration Manager または Configuration Manager 2007 のどちらを使用しているかに関係なく、 Configuration.mof ファイルを編集する必要があります。 使用している Configuration Manager のバージョンについては、次の手順を実行します。
System Center 2012 Configuration Manager の Configuration.mof ファイルを編集するには
Configuration Manager サーバーで、 Configuration.mof ファイルの場所を参照します。
<CMInstallLocation>\Inboxes\clifiles.src\hinv\
既定のインストールでは、インストール場所は %systemdrive%\Program Files \Microsoft Configuration Manager です。
Configuration.mof ファイルを編集して、次の MBAM クラスを追加します。
//=================================================== // Microsoft BitLocker Administration and Monitoring //=================================================== #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled, NoncomplianceDetectedDate, EnforcePolicyDate from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")] class Win32_BitLockerEncryptionDetails { [PropertySources{"DeviceId"},key] String DeviceId; [PropertySources{"BitlockerPersistentVolumeId"}] String BitlockerPersistentVolumeId; [PropertySources{"BitLockerManagementPersistentVolumeId"}] String MbamPersistentVolumeId; //UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3 [PropertySources{"BitLockerManagementVolumeType"}] SInt32 MbamVolumeType; [PropertySources{"DriveLetter"}] String DriveLetter; //VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2 [PropertySources{"Compliant"}] SInt32 Compliant; [PropertySources{"ReasonsForNonCompliance"}] SInt32 ReasonsForNonCompliance[]; [PropertySources{"KeyProtectorTypes"}] SInt32 KeyProtectorTypes[]; [PropertySources{"EncryptionMethod"}] SInt32 EncryptionMethod; [PropertySources{"ConversionStatus"}] SInt32 ConversionStatus; [PropertySources{"ProtectionStatus"}] SInt32 ProtectionStatus; [PropertySources{"IsAutoUnlockEnabled"}] Boolean IsAutoUnlockEnabled; [PropertySources{"NoncomplianceDetectedDate"}] String NoncomplianceDetectedDate; [PropertySources{"EnforcePolicyDate"}] String EnforcePolicyDate; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) [DYNPROPS] Class Win32Reg_MBAMPolicy { [key] string KeyName; //General encryption requirements UInt32 OsDriveEncryption; UInt32 FixedDataDriveEncryption; UInt32 EncryptionMethod; //Required protectors properties UInt32 OsDriveProtector; UInt32 FixedDataDriveAutoUnlock; UInt32 FixedDataDrivePassphrase; //MBAM Agent fields Uint32 MBAMPolicyEnforced; string LastConsoleUser; datetime UserExemptionDate; UInt32 MBAMMachineError; // Encoded Computer Name string EncodedComputerName; }; [DYNPROPS] Instance of Win32Reg_MBAMPolicy { KeyName="BitLocker policy"; //General encryption requirements [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] OsDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] EncryptionMethod; //Required protectors properties [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] OsDriveProtector; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveAutoUnlock; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")] FixedDataDrivePassphrase; //MBAM agent fields [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")] MBAMPolicyEnforced; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")] LastConsoleUser; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")] UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")] MBAMMachineError; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")] EncodedComputerName; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_OperatingSystemExtended { [PropertySources{"Name"},key] string Name; [PropertySources{"OperatingSystemSKU"}] uint32 SKU; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_ComputerSystemExtended { [PropertySources{"Name"},key] string Name; [PropertySources{"PCSystemType"}] uint16 PCSystemType; }; //======================================================= // Microsoft BitLocker Administration and Monitoring end //=======================================================
Configuration Manager 2007 の Configuration.mof ファイルを編集するには
Configuration Manager サーバーで、 Configuration.mof ファイルの場所を参照します。
<CMInstallLocation>\Inboxes\clifiles.src\hinv\
既定のインストールでは、インストール場所は %systemdrive%\Program Files (x86)\Microsoft Configuration Manager です。
Configuration.mof ファイルを編集して、次の MBAM クラスを追加します。
//=================================================== // Microsoft BitLocker Administration and Monitoring //=================================================== #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled, NoncomplianceDetectedDate, EnforcePolicyDate from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")] class Win32_BitLockerEncryptionDetails { [PropertySources{"DeviceId"},key] String DeviceId; [PropertySources{"BitlockerPersistentVolumeId"}] String BitlockerPersistentVolumeId; [PropertySources{"BitLockerManagementPersistentVolumeId"}] String MbamPersistentVolumeId; //UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3 [PropertySources{"BitLockerManagementVolumeType"}] SInt32 MbamVolumeType; [PropertySources{"DriveLetter"}] String DriveLetter; //VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2 [PropertySources{"Compliant"}] SInt32 Compliant; [PropertySources{"ReasonsForNonCompliance"}] SInt32 ReasonsForNonCompliance[]; [PropertySources{"KeyProtectorTypes"}] SInt32 KeyProtectorTypes[]; [PropertySources{"EncryptionMethod"}] SInt32 EncryptionMethod; [PropertySources{"ConversionStatus"}] SInt32 ConversionStatus; [PropertySources{"ProtectionStatus"}] SInt32 ProtectionStatus; [PropertySources{"IsAutoUnlockEnabled"}] Boolean IsAutoUnlockEnabled; [PropertySources{"NoncomplianceDetectedDate"}] String NoncomplianceDetectedDate; [PropertySources{"EnforcePolicyDate"}] String EnforcePolicyDate; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) [DYNPROPS] Class Win32Reg_MBAMPolicy { [key] string KeyName; //General encryption requirements UInt32 OsDriveEncryption; UInt32 FixedDataDriveEncryption; UInt32 EncryptionMethod; //Required protectors properties UInt32 OsDriveProtector; UInt32 FixedDataDriveAutoUnlock; UInt32 FixedDataDrivePassphrase; //MBAM Agent fields Uint32 MBAMPolicyEnforced; string LastConsoleUser; datetime UserExemptionDate; UInt32 MBAMMachineError; // Encoded Computer Name string EncodedComputerName; }; [DYNPROPS] Instance of Win32Reg_MBAMPolicy { KeyName="BitLocker policy"; //General encryption requirements [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] OsDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] EncryptionMethod; //Required protectors properties [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] OsDriveProtector; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveAutoUnlock; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")] FixedDataDrivePassphrase; //MBAM agent fields [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")] MBAMPolicyEnforced; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")] LastConsoleUser; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")] UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")] MBAMMachineError; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")] EncodedComputerName; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL) [DYNPROPS] Class Win32Reg_MBAMPolicy_64 { [key] string KeyName; //General encryption requirements UInt32 OsDriveEncryption; UInt32 FixedDataDriveEncryption; UInt32 EncryptionMethod; //Required protectors properties UInt32 OsDriveProtector; UInt32 FixedDataDriveAutoUnlock; UInt32 FixedDataDrivePassphrase; //MBAM Agent fields Uint32 MBAMPolicyEnforced; string LastConsoleUser; datetime UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU UInt32 MBAMMachineError; // Encoded Computer Name string EncodedComputerName; }; [DYNPROPS] Instance of Win32Reg_MBAMPolicy_64 { KeyName="BitLocker policy"; //General encryption requirements [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] OsDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] EncryptionMethod; //Required protectors properties [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] OsDriveProtector; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveAutoUnlock; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")] FixedDataDrivePassphrase; //MBAM agent fields [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")] MBAMPolicyEnforced; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")] LastConsoleUser; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")] UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")] MBAMMachineError; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")] EncodedComputerName; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_OperatingSystemExtended { [PropertySources{"Name"},key] string Name; [PropertySources{"OperatingSystemSKU"}] uint32 SKU; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_ComputerSystemExtended { [PropertySources{"Name"},key] string Name; [PropertySources{"PCSystemType"}] uint16 PCSystemType; }; //======================================================= // Microsoft BitLocker Administration and Monitoring end //=======================================================