Edición del archivo Configuration.mof
Se aplica a: Microsoft BitLocker Administration and Monitoring 2.0, Microsoft BitLocker Administration and Monitoring 2.0 SP1
Para permitir que los equipos cliente notifiquen los detalles de cumplimiento de BitLocker a través de informes de Configuration Manager de MBAM, debe editar el archivo Configuration.mof, tanto si usa Configuration Manager 2007 como si usa System Center 2012 Configuration Manager. Complete las siguientes instrucciones para la versión de Configuration Manager que esté utilizando.
Importante
Si está instalando Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 Service Pack 1 (SP1), ya sea una instalación nueva o una actualización de una versión anterior, vea el artículo correspondiente en Acerca de MBAM 2.0 SP1 como se describe en las viñetas siguientes:
- Para una instalación nueva de MBAM 2.0 SP1, vea Archivos necesarios para la instalación de MBAM 2.0 SP1 si está utilizando MBAM con Configuration Manager.
- Para una actualización a MBAM 2.0 SP1, vea Actualizar el archivo configuration.mof si actualiza a MBAM 2.0 SP1 y está utilizando MBAM con Configuration Manager 2007.
Para crear el archivo configuration.mof si está utilizando MBAM 2.0 SP1 con Configuration Manager
- Consulte la nota “Importante” sobre MBAM 2.0 SP1 que aparece anteriormente en este tema para obtener las instrucciones correspondientes que se deben seguir en Acerca de MBAM 2.0 SP1.
Para editar el archivo Configuration.mof para System Center 2012 Configuration Manager
En el servidor de Configuration Manager, busque la ubicación del archivo Configuration.mof:
<ubicaciónDeInstalaciónDeCM>\Inboxes\clifiles.src\hinv\
En una instalación predeterminada, la ubicación de instalación es %systemdrive%\Archivos de programa\Microsoft Configuration Manager.
Edite el archivo Configuration.mof para anexar las siguientes clases de MBAM:
//=================================================== // Microsoft BitLocker Administration and Monitoring //=================================================== #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")] class Win32_BitLockerEncryptionDetails { [PropertySources{"DeviceId"},key] String DeviceId; [PropertySources{"BitlockerPersistentVolumeId"}] String BitlockerPersistentVolumeId; [PropertySources{"BitLockerManagementPersistentVolumeId"}] String MbamPersistentVolumeId; //UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3 [PropertySources{"BitLockerManagementVolumeType"}] SInt32 MbamVolumeType; [PropertySources{"DriveLetter"}] String DriveLetter; //VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2 [PropertySources{"Compliant"}] SInt32 Compliant; [PropertySources{"ReasonsForNonCompliance"}] SInt32 ReasonsForNonCompliance[]; [PropertySources{"KeyProtectorTypes"}] SInt32 KeyProtectorTypes[]; [PropertySources{"EncryptionMethod"}] SInt32 EncryptionMethod; [PropertySources{"ConversionStatus"}] SInt32 ConversionStatus; [PropertySources{"ProtectionStatus"}] SInt32 ProtectionStatus; [PropertySources{"IsAutoUnlockEnabled"}] Boolean IsAutoUnlockEnabled; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) [DYNPROPS] Class Win32Reg_MBAMPolicy { [key] string KeyName; //General encryption requirements UInt32 OsDriveEncryption; UInt32 FixedDataDriveEncryption; UInt32 EncryptionMethod; //Required protectors properties UInt32 OsDriveProtector; UInt32 FixedDataDriveAutoUnlock; UInt32 FixedDataDrivePassphrase; //MBAM agent fields Uint32 MBAMPolicyEnforced; string LastConsoleUser; datetime UserExemptionDate; UInt32 MBAMMachineError; // Encoded computer name string EncodedComputerName; }; [DYNPROPS] Instance of Win32Reg_MBAMPolicy { KeyName="BitLocker policy"; //General encryption requirements [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] OsDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] EncryptionMethod; //Required protectors properties [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] OsDriveProtector; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveAutoUnlock; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")] FixedDataDrivePassphrase; //MBAM agent fields [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")] MBAMPolicyEnforced; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")] LastConsoleUser; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")] UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")] MBAMMachineError; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")] EncodedComputerName; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_OperatingSystemExtended { [PropertySources{"Name"},key] string Name; [PropertySources{"OperatingSystemSKU"}] uint32 SKU; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_ComputerSystemExtended { [PropertySources{"Name"},key] string Name; [PropertySources{"PCSystemType"}] uint16 PCSystemType; }; //======================================================= // Microsoft BitLocker Administration and Monitoring end //=======================================================
Para editar el archivo Configuration.mof para Configuration Manager 2007
En el servidor de Configuration Manager, busque la ubicación del archivo Configuration.mof:
<ubicaciónDeInstalaciónDeCM>\Inboxes\clifiles.src\hinv\
En una instalación predeterminada, la ubicación de instalación es %systemdrive%\Archivos de programa (x86)\Microsoft Configuration Manager.
Edite el archivo Configuration.mof para anexar las siguientes clases de MBAM:
//=================================================== // Microsoft BitLocker Administration and Monitoring //=================================================== #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")] class Win32_BitLockerEncryptionDetails { [PropertySources{"DeviceId"},key] String DeviceId; [PropertySources{"BitlockerPersistentVolumeId"}] String BitlockerPersistentVolumeId; [PropertySources{"BitLockerManagementPersistentVolumeId"}] String MbamPersistentVolumeId; //UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3 [PropertySources{"BitLockerManagementVolumeType"}] SInt32 MbamVolumeType; [PropertySources{"DriveLetter"}] String DriveLetter; //VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2 [PropertySources{"Compliant"}] SInt32 Compliant; [PropertySources{"ReasonsForNonCompliance"}] SInt32 ReasonsForNonCompliance[]; [PropertySources{"KeyProtectorTypes"}] SInt32 KeyProtectorTypes[]; [PropertySources{"EncryptionMethod"}] SInt32 EncryptionMethod; [PropertySources{"ConversionStatus"}] SInt32 ConversionStatus; [PropertySources{"ProtectionStatus"}] SInt32 ProtectionStatus; [PropertySources{"IsAutoUnlockEnabled"}] Boolean IsAutoUnlockEnabled; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) [DYNPROPS] Class Win32Reg_MBAMPolicy { [key] string KeyName; //General encryption requirements UInt32 OsDriveEncryption; UInt32 FixedDataDriveEncryption; UInt32 EncryptionMethod; //Required protectors properties UInt32 OsDriveProtector; UInt32 FixedDataDriveAutoUnlock; UInt32 FixedDataDrivePassphrase; //MBAM agent fields Uint32 MBAMPolicyEnforced; string LastConsoleUser; datetime UserExemptionDate; UInt32 MBAMMachineError; // Encoded computer name string EncodedComputerName; }; [DYNPROPS] Instance of Win32Reg_MBAMPolicy { KeyName="BitLocker policy"; //General encryption requirements [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] OsDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] EncryptionMethod; //Required protectors properties [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] OsDriveProtector; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveAutoUnlock; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")] FixedDataDrivePassphrase; //MBAM agent fields [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")] MBAMPolicyEnforced; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")] LastConsoleUser; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")] UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")] MBAMMachineError; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")] EncodedComputerName; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL) [DYNPROPS] Class Win32Reg_MBAMPolicy_64 { [key] string KeyName; //General encryption requirements UInt32 OsDriveEncryption; UInt32 FixedDataDriveEncryption; UInt32 EncryptionMethod; //Required protectors properties UInt32 OsDriveProtector; UInt32 FixedDataDriveAutoUnlock; UInt32 FixedDataDrivePassphrase; //MBAM agent fields Uint32 MBAMPolicyEnforced; string LastConsoleUser; datetime UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU UInt32 MBAMMachineError; // Encoded computer name string EncodedComputerName; }; [DYNPROPS] Instance of Win32Reg_MBAMPolicy_64 { KeyName="BitLocker policy"; //General encryption requirements [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] OsDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] EncryptionMethod; //Required protectors properties [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] OsDriveProtector; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveAutoUnlock; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")] FixedDataDrivePassphrase; //MBAM agent fields [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")] MBAMPolicyEnforced; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")] LastConsoleUser; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")] UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")] MBAMMachineError; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")] EncodedComputerName; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_OperatingSystemExtended { [PropertySources{"Name"},key] string Name; [PropertySources{"OperatingSystemSKU"}] uint32 SKU; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_ComputerSystemExtended { [PropertySources{"Name"},key] string Name; [PropertySources{"PCSystemType"}] uint16 PCSystemType; }; //======================================================= // Microsoft BitLocker Administration and Monitoring end //=======================================================
Vea también
Conceptos
Implementación de MBAM con Configuration Manager
Otros recursos
Creación o edición de los archivos mof
-----
Para obtener más información acerca de MDOP, consulte la biblioteca de TechNet, busque soluciones de problemas en TechNet Wikio síganos en Facebook o Twitter.
-----