Modifier le fichier Configuration.mof

S'applique à: Microsoft BitLocker Administration and Monitoring 2.0, Microsoft BitLocker Administration and Monitoring 2.0 SP1

Pour permettre aux ordinateurs clients de créer des rapports sur les détails de la conformité BitLocker via les rapports Configuration Manager de MBAM, vous devez modifier le fichier Configuration.mof, que vous utilisiez Configuration Manager 2007 ou System Center 2012 Configuration Manager. Suivez les instructions ci-dessous pour la version de Configuration Manager que vous utilisez.

Important

Si vous installez Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 Service Pack 1 (SP1), soit en effectuant une nouvelle installation soit avec une mise à niveau depuis une version précédente, consultez la section appropriée dans À propos de MBAM 2.0 SP1 comme décrit dans les points suivants :

  • Pour une nouvelle installation de MBAM 2.0 SP1, voir Fichiers requis pour l'installation de MBAM 2.0 SP1 si vous utilisez MBAM avec Configuration Manager.

  • Pour une mise à niveau vers MBAM 2.0 SP1, voir Mettre à jour le fichier configuration.mof si vous effectuez une mise à niveau vers MBAM 2.0 SP1 et utilisez MBAM avec Configuration Manager 2007.

Pour créer le fichier configuration.mof si vous utilisez MBAM 2.0 SP1 avec Configuration Manager

  1. Voir la mention « Important » sur MBAM 2.0 SP1 précédemment dans cette rubrique pour les instructions à suivre dans À propos de MBAM 2.0 SP1.

Pour modifier le fichier Configuration.mof pour System Center 2012 Configuration Manager

  1. Sur le serveur Configuration Manager, accédez à l'emplacement du fichier Configuration.mof :

    <CMInstallLocation>\Inboxes\clifiles.src\hinv\

    Dans une installation par défaut, l'emplacement d'installation est %systemdrive%\Program Files \Microsoft Configuration Manager.

  2. Modifiez le fichier Configuration.mof pour ajouter les classes MBAM suivantes :

    //===================================================
    
    // Microsoft BitLocker Administration and Monitoring 
    
    //===================================================
    
    #pragma namespace ("\\\\.\\root\\cimv2")
    
    #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
    
    [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")]
    
    class Win32_BitLockerEncryptionDetails
    
    {
    
        [PropertySources{"DeviceId"},key]
    
        String     DeviceId;
    
        [PropertySources{"BitlockerPersistentVolumeId"}]
    
        String     BitlockerPersistentVolumeId;
    
        [PropertySources{"BitLockerManagementPersistentVolumeId"}]
    
        String     MbamPersistentVolumeId;
    
        //UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3
    
        [PropertySources{"BitLockerManagementVolumeType"}]
    
        SInt32     MbamVolumeType;
    
        [PropertySources{"DriveLetter"}]
    
        String     DriveLetter;
    
        //VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2
    
        [PropertySources{"Compliant"}]
    
        SInt32     Compliant;
    
        [PropertySources{"ReasonsForNonCompliance"}]
    
        SInt32     ReasonsForNonCompliance[];
    
        [PropertySources{"KeyProtectorTypes"}]
    
        SInt32     KeyProtectorTypes[];
    
        [PropertySources{"EncryptionMethod"}]
    
        SInt32     EncryptionMethod;
    
        [PropertySources{"ConversionStatus"}]
    
        SInt32     ConversionStatus;
    
        [PropertySources{"ProtectionStatus"}]
    
        SInt32     ProtectionStatus;
    
        [PropertySources{"IsAutoUnlockEnabled"}]
    
        Boolean     IsAutoUnlockEnabled;
    
    };
    
    
    #pragma namespace ("\\\\.\\root\\cimv2")
    
    #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
    
     [DYNPROPS]
    
    Class Win32Reg_MBAMPolicy
    
    {
    
        [key]
    
        string KeyName;
    
    
        //General encryption requirements
    
        UInt32    OsDriveEncryption;
    
        UInt32    FixedDataDriveEncryption;
    
        UInt32    EncryptionMethod;
    
    
        //Required protectors properties
    
        UInt32    OsDriveProtector;
    
        UInt32    FixedDataDriveAutoUnlock;
    
        UInt32    FixedDataDrivePassphrase;
    
    
        //MBAM agent fields
    
        Uint32    MBAMPolicyEnforced;
    
        string    LastConsoleUser;
    
        datetime  UserExemptionDate;
    
        UInt32    MBAMMachineError;
    
    
        // Encoded computer name
    
        string    EncodedComputerName;
    
    };
    
    
    [DYNPROPS]
    
    Instance of Win32Reg_MBAMPolicy
    
    {
    
    KeyName="BitLocker policy";
    
    
        //General encryption requirements
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")]
    
        OsDriveEncryption;
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")]
    
        FixedDataDriveEncryption;
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")]
    
        EncryptionMethod;
    
    
        //Required protectors properties
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")]
    
        OsDriveProtector;
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")]
    
        FixedDataDriveAutoUnlock;
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")]
    
        FixedDataDrivePassphrase;
    
    
        //MBAM agent fields
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")]
    
        MBAMPolicyEnforced;
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")]
    
        LastConsoleUser;
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")]
    
        UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")]
    
        MBAMMachineError;
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")]
    
        EncodedComputerName;
    
    };
    
    
    #pragma namespace ("\\\\.\\root\\cimv2")
    
    #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
    
    [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
    
    dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
    
    class CCM_OperatingSystemExtended
    
    {
    
        [PropertySources{"Name"},key]
    
        string     Name;
    
        [PropertySources{"OperatingSystemSKU"}]
    
        uint32     SKU;
    
    };
    
    
    #pragma namespace ("\\\\.\\root\\cimv2")
    
    #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
    
    [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
    
    dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
    
    class CCM_ComputerSystemExtended
    
    {
    
        [PropertySources{"Name"},key]
    
        string     Name;
    
        [PropertySources{"PCSystemType"}]
    
        uint16     PCSystemType;
    
    };
    
    
    //=======================================================
    
    // Microsoft BitLocker Administration and Monitoring end
    
    //=======================================================
    

Pour modifier le fichier Configuration.mof pour Configuration Manager 2007

  1. Sur le serveur Configuration Manager, accédez à l'emplacement du fichier Configuration.mof :

    <CMInstallLocation>\Inboxes\clifiles.src\hinv\

    Dans une installation par défaut, l'emplacement d'installation est %systemdrive%\Program Files (x86)\Microsoft Configuration Manager.

  2. Modifiez le fichier Configuration.mof pour ajouter les classes MBAM suivantes :

    //===================================================
    
    // Microsoft BitLocker Administration and Monitoring 
    
    //===================================================
    
    
    #pragma namespace ("\\\\.\\root\\cimv2")
    
    #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) 
    
    [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")]
    
    class Win32_BitLockerEncryptionDetails
    
    {
    
        [PropertySources{"DeviceId"},key]
    
        String     DeviceId;
    
        [PropertySources{"BitlockerPersistentVolumeId"}]
    
        String     BitlockerPersistentVolumeId;
    
        [PropertySources{"BitLockerManagementPersistentVolumeId"}]
    
        String     MbamPersistentVolumeId;
    
        //UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3
    
        [PropertySources{"BitLockerManagementVolumeType"}]
    
        SInt32     MbamVolumeType;
    
        [PropertySources{"DriveLetter"}]
    
        String     DriveLetter;
    
        //VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2
    
        [PropertySources{"Compliant"}]
    
        SInt32     Compliant;
    
        [PropertySources{"ReasonsForNonCompliance"}]
    
        SInt32     ReasonsForNonCompliance[];
    
        [PropertySources{"KeyProtectorTypes"}]
    
        SInt32     KeyProtectorTypes[];
    
        [PropertySources{"EncryptionMethod"}]
    
        SInt32     EncryptionMethod;
    
        [PropertySources{"ConversionStatus"}]
    
        SInt32     ConversionStatus;
    
        [PropertySources{"ProtectionStatus"}]
    
        SInt32     ProtectionStatus;
    
        [PropertySources{"IsAutoUnlockEnabled"}]
    
        Boolean     IsAutoUnlockEnabled;
    
    };
    
    
    #pragma namespace ("\\\\.\\root\\cimv2")
    
    #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
    
     [DYNPROPS]
    
    Class Win32Reg_MBAMPolicy
    
    {
    
        [key]
    
        string KeyName;
    
    
        //General encryption requirements
    
        UInt32    OsDriveEncryption;
    
        UInt32    FixedDataDriveEncryption;
    
        UInt32    EncryptionMethod;
    
    
        //Required protectors properties
    
        UInt32    OsDriveProtector;
    
        UInt32    FixedDataDriveAutoUnlock;
    
        UInt32    FixedDataDrivePassphrase;
    
    
        //MBAM agent fields
    
        Uint32    MBAMPolicyEnforced;
    
        string    LastConsoleUser;
    
        datetime  UserExemptionDate;
    
        UInt32    MBAMMachineError;
    
    
        // Encoded computer name
    
        string    EncodedComputerName;
    
    };
    
    
     [DYNPROPS]
    
    Instance of Win32Reg_MBAMPolicy
    
    {
    
        KeyName="BitLocker policy";
    
    
        //General encryption requirements
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")]
    
        OsDriveEncryption;
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")]
    
        FixedDataDriveEncryption;
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")]
    
        EncryptionMethod;
    
    
        //Required protectors properties
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")]
    
        OsDriveProtector;
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")]
    
        FixedDataDriveAutoUnlock;
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")]
    
        FixedDataDrivePassphrase;
    
    
        //MBAM agent fields
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")]
    
        MBAMPolicyEnforced;
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")]
    
        LastConsoleUser;
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")]
    
        UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")]
    
        MBAMMachineError;
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")]
    
        EncodedComputerName;
    
    };
    
    
    #pragma namespace ("\\\\.\\root\\cimv2")
    
    #pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL)
    
    [DYNPROPS]
    
    Class Win32Reg_MBAMPolicy_64
    
    {
    
        [key]
    
        string KeyName;
    
    
        //General encryption requirements
    
        UInt32    OsDriveEncryption;
    
        UInt32    FixedDataDriveEncryption;
    
        UInt32    EncryptionMethod;
    
    
        //Required protectors properties
    
        UInt32    OsDriveProtector;
    
        UInt32    FixedDataDriveAutoUnlock;
    
        UInt32    FixedDataDrivePassphrase;
    
    
        //MBAM agent fields
    
        Uint32    MBAMPolicyEnforced;
    
        string    LastConsoleUser;
    
        datetime  UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU
    
        UInt32    MBAMMachineError;
    
    
        // Encoded computer name
    
        string    EncodedComputerName;
    
    };
    
    
    [DYNPROPS]
    
    Instance of Win32Reg_MBAMPolicy_64
    
    {
    
        KeyName="BitLocker policy";
    
    
        //General encryption requirements
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")]
    
        OsDriveEncryption;
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")]
    
        FixedDataDriveEncryption;
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")]
    
        EncryptionMethod;
    
    
        //Required protectors properties
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")]
    
        OsDriveProtector;
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")]
    
        FixedDataDriveAutoUnlock;
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")]
    
        FixedDataDrivePassphrase;
    
    
        //MBAM agent fields
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")]
    
        MBAMPolicyEnforced;
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")]
    
        LastConsoleUser;
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")]
    
        UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU
    
        [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")]
    
        MBAMMachineError;
    
    
    [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")]
    
        EncodedComputerName;
    
    };
    
    
    #pragma namespace ("\\\\.\\root\\cimv2")
    
    #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
    
    [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
    
    dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
    
    class CCM_OperatingSystemExtended
    
    {
    
        [PropertySources{"Name"},key]
    
        string     Name;
    
        [PropertySources{"OperatingSystemSKU"}]
    
        uint32     SKU;
    
    };
    
    
    #pragma namespace ("\\\\.\\root\\cimv2")
    
    #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
    
    [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
    
    dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
    
    class CCM_ComputerSystemExtended
    
    {
    
        [PropertySources{"Name"},key]
    
        string     Name;
    
        [PropertySources{"PCSystemType"}]
    
        uint16     PCSystemType;
    
    };
    
    
    //=======================================================
    
    // Microsoft BitLocker Administration and Monitoring end
    
    //=======================================================
    
    

Voir aussi

Concepts

Déploiement de MBAM avec Configuration Manager

Autres ressources

Création ou modification des fichiers mof

-----
Vous pouvez obtenir davantage d'informations sur MDOP dans la Librairie TechNet, rechercher des solutions de dépannage dans le TechNet Wiki ou nous suivre sur Facebook ou Twitter.
-----