編輯 configuration.mof 檔案
若要讓用戶端電腦透過 Microsoft BitLocker Administration and Monitoring (MBAM) Configuration Manager 報告來報告 BitLocker 合規性詳細數據,您必須編輯 Configuration.mof 檔案,無論您使用的是 System Center 2012 Configuration Manager 或 Configuration Manager 2007。 針對您使用的 Configuration Manager 版本,完成下列指示。
編輯 System Center 2012 Configuration Manager 的 Configuration.mof 檔案
在 Configuration Manager 伺服器上,流覽至 Configuration.mof 檔案的位置:
<CMInstallLocation>\Inboxes\clifiles.src\hinv\
在預設安裝時,安裝位置是 %systemdrive%\Program Files \Microsoft Configuration Manager。
編輯 Configuration.mof 檔案以附加下列 MBAM 類別:
//=================================================== // Microsoft BitLocker Administration and Monitoring //=================================================== #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled, NoncomplianceDetectedDate, EnforcePolicyDate from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")] class Win32_BitLockerEncryptionDetails { [PropertySources{"DeviceId"},key] String DeviceId; [PropertySources{"BitlockerPersistentVolumeId"}] String BitlockerPersistentVolumeId; [PropertySources{"BitLockerManagementPersistentVolumeId"}] String MbamPersistentVolumeId; //UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3 [PropertySources{"BitLockerManagementVolumeType"}] SInt32 MbamVolumeType; [PropertySources{"DriveLetter"}] String DriveLetter; //VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2 [PropertySources{"Compliant"}] SInt32 Compliant; [PropertySources{"ReasonsForNonCompliance"}] SInt32 ReasonsForNonCompliance[]; [PropertySources{"KeyProtectorTypes"}] SInt32 KeyProtectorTypes[]; [PropertySources{"EncryptionMethod"}] SInt32 EncryptionMethod; [PropertySources{"ConversionStatus"}] SInt32 ConversionStatus; [PropertySources{"ProtectionStatus"}] SInt32 ProtectionStatus; [PropertySources{"IsAutoUnlockEnabled"}] Boolean IsAutoUnlockEnabled; [PropertySources{"NoncomplianceDetectedDate"}] String NoncomplianceDetectedDate; [PropertySources{"EnforcePolicyDate"}] String EnforcePolicyDate; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) [DYNPROPS] Class Win32Reg_MBAMPolicy { [key] string KeyName; //General encryption requirements UInt32 OsDriveEncryption; UInt32 FixedDataDriveEncryption; UInt32 EncryptionMethod; //Required protectors properties UInt32 OsDriveProtector; UInt32 FixedDataDriveAutoUnlock; UInt32 FixedDataDrivePassphrase; //MBAM Agent fields Uint32 MBAMPolicyEnforced; string LastConsoleUser; datetime UserExemptionDate; UInt32 MBAMMachineError; // Encoded Computer Name string EncodedComputerName; }; [DYNPROPS] Instance of Win32Reg_MBAMPolicy { KeyName="BitLocker policy"; //General encryption requirements [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] OsDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] EncryptionMethod; //Required protectors properties [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] OsDriveProtector; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveAutoUnlock; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")] FixedDataDrivePassphrase; //MBAM agent fields [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")] MBAMPolicyEnforced; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")] LastConsoleUser; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")] UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")] MBAMMachineError; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")] EncodedComputerName; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_OperatingSystemExtended { [PropertySources{"Name"},key] string Name; [PropertySources{"OperatingSystemSKU"}] uint32 SKU; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_ComputerSystemExtended { [PropertySources{"Name"},key] string Name; [PropertySources{"PCSystemType"}] uint16 PCSystemType; }; //======================================================= // Microsoft BitLocker Administration and Monitoring end //=======================================================
編輯 Configuration Manager 2007 的 Configuration.mof 檔案
在 Configuration Manager 伺服器上,流覽至 Configuration.mof 檔案的位置:
<CMInstallLocation>\Inboxes\clifiles.src\hinv\
在預設安裝上,安裝位置為 %systemdrive%\Program Files (x86) \Microsoft Configuration Manager。
編輯 Configuration.mof 檔案以附加下列 MBAM 類別:
//=================================================== // Microsoft BitLocker Administration and Monitoring //=================================================== #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled, NoncomplianceDetectedDate, EnforcePolicyDate from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")] class Win32_BitLockerEncryptionDetails { [PropertySources{"DeviceId"},key] String DeviceId; [PropertySources{"BitlockerPersistentVolumeId"}] String BitlockerPersistentVolumeId; [PropertySources{"BitLockerManagementPersistentVolumeId"}] String MbamPersistentVolumeId; //UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3 [PropertySources{"BitLockerManagementVolumeType"}] SInt32 MbamVolumeType; [PropertySources{"DriveLetter"}] String DriveLetter; //VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2 [PropertySources{"Compliant"}] SInt32 Compliant; [PropertySources{"ReasonsForNonCompliance"}] SInt32 ReasonsForNonCompliance[]; [PropertySources{"KeyProtectorTypes"}] SInt32 KeyProtectorTypes[]; [PropertySources{"EncryptionMethod"}] SInt32 EncryptionMethod; [PropertySources{"ConversionStatus"}] SInt32 ConversionStatus; [PropertySources{"ProtectionStatus"}] SInt32 ProtectionStatus; [PropertySources{"IsAutoUnlockEnabled"}] Boolean IsAutoUnlockEnabled; [PropertySources{"NoncomplianceDetectedDate"}] String NoncomplianceDetectedDate; [PropertySources{"EnforcePolicyDate"}] String EnforcePolicyDate; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) [DYNPROPS] Class Win32Reg_MBAMPolicy { [key] string KeyName; //General encryption requirements UInt32 OsDriveEncryption; UInt32 FixedDataDriveEncryption; UInt32 EncryptionMethod; //Required protectors properties UInt32 OsDriveProtector; UInt32 FixedDataDriveAutoUnlock; UInt32 FixedDataDrivePassphrase; //MBAM Agent fields Uint32 MBAMPolicyEnforced; string LastConsoleUser; datetime UserExemptionDate; UInt32 MBAMMachineError; // Encoded Computer Name string EncodedComputerName; }; [DYNPROPS] Instance of Win32Reg_MBAMPolicy { KeyName="BitLocker policy"; //General encryption requirements [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] OsDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] EncryptionMethod; //Required protectors properties [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] OsDriveProtector; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveAutoUnlock; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")] FixedDataDrivePassphrase; //MBAM agent fields [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")] MBAMPolicyEnforced; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")] LastConsoleUser; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")] UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")] MBAMMachineError; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")] EncodedComputerName; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL) [DYNPROPS] Class Win32Reg_MBAMPolicy_64 { [key] string KeyName; //General encryption requirements UInt32 OsDriveEncryption; UInt32 FixedDataDriveEncryption; UInt32 EncryptionMethod; //Required protectors properties UInt32 OsDriveProtector; UInt32 FixedDataDriveAutoUnlock; UInt32 FixedDataDrivePassphrase; //MBAM Agent fields Uint32 MBAMPolicyEnforced; string LastConsoleUser; datetime UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU UInt32 MBAMMachineError; // Encoded Computer Name string EncodedComputerName; }; [DYNPROPS] Instance of Win32Reg_MBAMPolicy_64 { KeyName="BitLocker policy"; //General encryption requirements [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] OsDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] EncryptionMethod; //Required protectors properties [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] OsDriveProtector; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveAutoUnlock; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")] FixedDataDrivePassphrase; //MBAM agent fields [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")] MBAMPolicyEnforced; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")] LastConsoleUser; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")] UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")] MBAMMachineError; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")] EncodedComputerName; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_OperatingSystemExtended { [PropertySources{"Name"},key] string Name; [PropertySources{"OperatingSystemSKU"}] uint32 SKU; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_ComputerSystemExtended { [PropertySources{"Name"},key] string Name; [PropertySources{"PCSystemType"}] uint16 PCSystemType; }; //======================================================= // Microsoft BitLocker Administration and Monitoring end //=======================================================