
Appendix D: BitLockerTPMSchemaExtension.ldf – File Contents

Applies to: Windows Server 2008, Windows Vista

The following is the content of the file BitLockerTPMSchemaExtension.ldf, which can be used to extend the Active Directory schema of Windows Server 2003 with SP1 so that it supports backing up BitLocker recovery information and the TPM owner password in Active Directory.

To extend the schema with this file, you should be familiar with the Ldifde command, which must be run on the domain controller that holds the schema operations master role for the forest.

Note
Information on downloading the file is available (possibly in English) at http://go.microsoft.com/fwlink/?LinkId=78953.

File contents

Note
Some lines may be wrapped onto multiple lines when displayed or printed.

#=====================================================================
#
# Active Directory Domain Services schema extension for
# BitLocker Drive Encryption and Trusted Platform Module (TPM) recovery
#
# This file contains attributes and class objects that enable
# Windows Server 2003 SP1 and Windows Server 2003 R2 domain controllers
# to store BitLocker and TPM recovery information.
#
# Change History:
#   11/2005 - Schema additions for Vista Beta 2 (matches "Longhorn" Server Beta 2)
#    5/2006 - Schema additions and updates for Vista RC1 (matches "Longhorn" Server Beta 3)
#
# NOTE: A schema extension is not necessary if the forest includes an installation
# of Windows Server Codename "Longhorn".
#
# To extend the schema, use the LDIFDE tool on the schema master of the forest.
#
# Sample command:
#   ldifde -i -v -f BitLockerTPMSchemaExtension.ldf -c "DC=X" "DC=nttest,dc=microsoft,dc=com" -k -j .
#
# For more information on LDIFDE tool, see
# http://support.microsoft.com/default.aspx?scid=kb;en-us;237677
#
# See related guide for setting up Active Directory Domain Services
# for BitLocker and TPM recovery.
#
#=====================================================================


#=====================================================================
# [Vista Beta 2 and up] TPM Recovery Information - Attributes
#=====================================================================

#
# ms-TPM-OwnerInformation
#
dn: CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: attributeSchema
ldapDisplayName: msTPM-OwnerInformation
adminDisplayName: TPM-OwnerInformation
adminDescription: This attribute contains the owner information of a particular TPM.
attributeId: 1.2.840.113556.1.4.1966
attributeSyntax: 2.5.5.12
omSyntax: 64
isSingleValued: TRUE
searchFlags: 136
schemaIdGuid:: bRpOqg1VBU6MNUr8uRep/g==
showInAdvancedViewOnly: TRUE


#======================================================================
# [Vista Beta 2 and up] Bitlocker Recovery Information - Attributes
# NOTE: FVE is the acronym for Full Volume Encryption, a pre-release name
#=====================================================================

#
# ms-FVE-RecoveryGuid
#
dn: CN=ms-FVE-RecoveryGuid,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: attributeSchema
ldapDisplayName: msFVE-RecoveryGuid
adminDisplayName: FVE-RecoveryGuid
adminDescription: This attribute contains the GUID associated with a Full Volume Encryption (FVE) recovery password.
attributeID: 1.2.840.113556.1.4.1965
attributeSyntax: 2.5.5.10
omSyntax: 4
isSingleValued: TRUE
searchFlags: 137
schemaIdGuid:: vAlp93jmoEews/hqAETAbQ==
showInAdvancedViewOnly: TRUE

#
# ms-FVE-RecoveryPassword
#
dn: CN=ms-FVE-RecoveryPassword,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: attributeSchema
ldapDisplayName: msFVE-RecoveryPassword
adminDisplayName: FVE-RecoveryPassword
adminDescription: This attribute contains the password required to recover a Full Volume Encryption (FVE) volume.
attributeId: 1.2.840.113556.1.4.1964
attributeSyntax: 2.5.5.12
omSyntax: 64
isSingleValued: TRUE
searchFlags: 136
schemaIdGuid:: wRoGQ63IzEy3hSv6wg/GCg==
showInAdvancedViewOnly: TRUE



#=====================================================================
# [Vista Beta 2 and up] Attributes - Schema Update
#======================================================================

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

#=====================================================================
# [Vista Beta 2 and up] BitLocker Recovery Information - Class
#=====================================================================

#
# ms-FVE-RecoveryInformation
#
dn: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: classSchema
ldapDisplayName: msFVE-RecoveryInformation
adminDisplayName: FVE-RecoveryInformation
adminDescription: This class contains a Full Volume Encryption recovery password with its associated GUID.
governsID: 1.2.840.113556.1.5.253
objectClassCategory: 1
subClassOf: top
systemMustContain: msFVE-RecoveryGuid
systemMustContain: msFVE-RecoveryPassword
systemPossSuperiors: computer
schemaIdGUID:: MF1x6lOP0EC9HmEJGG14LA==
defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
defaultHidingValue: TRUE
defaultObjectCategory: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=X


#=====================================================================
# [Vista Beta 2 and up] Classes - Schema Update
#=====================================================================

dn: CN=computer,CN=Schema,CN=Configuration,DC=X
#changetype: ntdsSchemaModify
changetype: modify
add: mayContain
mayContain: msTPM-OwnerInformation
-

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

#=====================================================================
# [Vista RC1 and up] Bitlocker Recovery Information - Additional Attributes
#=====================================================================

#
# ms-FVE-VolumeGuid
#
dn: CN=ms-FVE-VolumeGuid,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: attributeSchema
ldapDisplayName: msFVE-VolumeGuid
adminDisplayName: FVE-VolumeGuid
adminDescription: This attribute contains the GUID associated with a BitLocker-supported disk volume. Full Volume Encryption (FVE) was the pre-release name for BitLocker Drive Encryption.
attributeID: 1.2.840.113556.1.4.1998
attributeSyntax: 2.5.5.10
omSyntax: 4
isSingleValued: TRUE
searchFlags: 27
schemaIdGuid:: z6Xlhe7cdUCc/aydtqLyRQ==
showInAdvancedViewOnly: TRUE
isMemberOfPartialAttributeSet: TRUE
rangeUpper: 128

#
# ms-FVE-KeyPackage
#
dn: CN=ms-FVE-KeyPackage,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: attributeSchema
ldapDisplayName: msFVE-KeyPackage
adminDisplayName: FVE-KeyPackage
adminDescription: This attribute contains a volume's BitLocker encryption key secured by the corresponding recovery password. Full Volume Encryption (FVE) was the pre-release name for BitLocker Drive Encryption.
attributeId: 1.2.840.113556.1.4.1999
attributeSyntax: 2.5.5.10
omSyntax: 4
isSingleValued: TRUE
searchFlags: 152
schemaIdGuid:: qF7VH6eI3EeBKQ2qlxhqVA==
showInAdvancedViewOnly: TRUE
isMemberOfPartialAttributeSet: FALSE
rangeUpper: 102400

#=====================================================================
# [Vista RC1 and up] Additional Attributes - Schema Update
#=====================================================================

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

#=====================================================================
# [Vista RC1 and up] Updates to BitLocker Recovery Information Class
#======================================================================

dn: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=X
changetype: modify
replace: adminDescription
adminDescription: This class contains BitLocker recovery information including GUIDs, recovery passwords, and keys. Full Volume Encryption (FVE) was the pre-release name for BitLocker Drive Encryption.
-

dn: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=X
changetype: modify
add: mayContain
mayContain: msFVE-VolumeGuid
mayContain: msFVE-KeyPackage
-

#=====================================================================
# [Vista RC1 and up] Updates to pre-RC1 Attributes
#=====================================================================

#
# Updates to ms-TPM-OwnerInformation
#

dn: CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,DC=X
changetype: modify
replace: searchFlags
searchFlags: 152
-

dn: CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,DC=X
changetype: modify
replace: rangeUpper
rangeUpper: 128
-

#
# Updates to ms-FVE-RecoveryGuid
#

dn: CN=ms-FVE-RecoveryGuid,CN=Schema,CN=Configuration,DC=X
changetype: modify
replace: adminDescription
adminDescription: This attribute contains the GUID associated with a BitLocker recovery password. Full Volume Encryption (FVE) was the pre-release name for BitLocker Drive Encryption.
-

dn: CN=ms-FVE-RecoveryGuid,CN=Schema,CN=Configuration,DC=X
changetype: modify
replace: searchFlags
searchFlags: 27
-

dn: CN=ms-FVE-RecoveryGuid,CN=Schema,CN=Configuration,DC=X
changetype: modify
replace: rangeUpper
rangeUpper: 128
-

dn: CN=ms-FVE-RecoveryGuid,CN=Schema,CN=Configuration,DC=X
changetype: modify
replace: isMemberOfPartialAttributeSet
isMemberOfPartialAttributeSet: TRUE
-


#
# Updates to ms-FVE-RecoveryPassword
#

dn: CN=ms-FVE-RecoveryPassword,CN=Schema,CN=Configuration,DC=X
changetype: modify
replace: adminDescription
adminDescription: This attribute contains a password that can recover a BitLocker-encrypted volume. Full Volume Encryption (FVE) was the pre-release name for BitLocker Drive Encryption.
-

dn: CN=ms-FVE-RecoveryPassword,CN=Schema,CN=Configuration,DC=X
changetype: modify
replace: searchFlags
searchFlags: 152
-

dn: CN=ms-FVE-RecoveryPassword,CN=Schema,CN=Configuration,DC=X
changetype: modify
replace: rangeUpper
rangeUpper: 256
-

#
# Reload the schema cache to pick up updated attributes
#

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
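
An added example, not part of Microsoft's file: a pre-import review that replays the file's searchFlags values in order and reports which attributes end up without the confidential bit (128), which restricts reads to principals holding the control-access right. The sample LDIF is a constructed excerpt of the records above, and the function names are assumptions of this example.

```python
import re

# searchFlags bits on attributeSchema objects; 128 marks a confidential attribute.
SEARCH_FLAGS = {1: "fATTINDEX", 2: "fPDNTATTINDEX", 4: "fANR",
                8: "fPRESERVEONDELETE", 16: "fCOPY", 32: "fTUPLEINDEX",
                64: "fSUBTREEATTINDEX", 128: "fCONFIDENTIAL"}

# Constructed excerpt: the searchFlags lines of two attributes from the file above.
SAMPLE_LDIF = """\
dn: CN=ms-FVE-RecoveryPassword,CN=Schema,CN=Configuration,DC=X
changetype: add
searchFlags: 136

dn: CN=ms-FVE-RecoveryGuid,CN=Schema,CN=Configuration,DC=X
changetype: add
searchFlags: 137

dn: CN=ms-FVE-RecoveryPassword,CN=Schema,CN=Configuration,DC=X
changetype: modify
replace: searchFlags
searchFlags: 152
-

dn: CN=ms-FVE-RecoveryGuid,CN=Schema,CN=Configuration,DC=X
changetype: modify
replace: searchFlags
searchFlags: 27
-
"""

def final_search_flags(ldif_text):
    """Apply records in file order; return {attribute CN: last searchFlags value}."""
    flags = {}
    for record in re.split(r"\n\s*\n", ldif_text.strip()):
        lines = [l for l in record.splitlines() if not l.startswith("#")]
        dn = next((l[3:].strip() for l in lines if l.lower().startswith("dn:")), "")
        value = next((l.split(":", 1)[1] for l in lines
                      if l.lower().startswith("searchflags:")), None)
        if dn and value is not None:  # rootDSE records have an empty dn
            flags[dn.split(",")[0][3:]] = int(value)
    return flags

def decode(value):
    """List the flag names set in a searchFlags integer."""
    return [name for bit, name in SEARCH_FLAGS.items() if value & bit]

def missing_confidential(flags, secret_attrs):
    """Secret-bearing attributes whose final searchFlags lack bit 128."""
    return sorted(a for a in secret_attrs if not flags.get(a, 0) & 128)
```

On the excerpt, the recovery password ends at 152 (confidential, preserved on delete, copied), while the recovery GUID ends at 27: indexed for lookup and no longer confidential, since it is an identifier rather than a secret.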

© 2014 Microsoft