Изменение файла Configuration.mof

Назначение: Microsoft BitLocker Administration and Monitoring 2.5, Microsoft BitLocker Administration and Monitoring 2.5 SP1

Чтобы клиентские компьютеры могли передавать сведения о соответствии BitLocker посредством отчетов MBAM в Configuration Manager, необходимо внести изменения в файл Configuration.mof как для System Center 2012 Configuration Manager, так и для Configuration Manager 2007. Выполните следующие инструкции для используемой версии Configuration Manager.

Изменение файла Configuration.mof для System Center 2012 Configuration Manager

1. На сервере Configuration Manager перейдите в каталог файла Configuration.mof:

   <каталог_установки_CM>\Inboxes\clifiles.src\hinv\

   По умолчанию для установки используется каталог %systemdrive%\Program Files \Microsoft Configuration Manager.

2. Внесите изменения в файл Configuration.mof, добавив следующие классы MBAM.

   //===================================================
   // Microsoft BitLocker Administration and Monitoring 
   //===================================================
   
   #pragma namespace ("\\\\.\\root\\cimv2")
   #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) 
   [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled, NoncomplianceDetectedDate, EnforcePolicyDate from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")]
   class Win32_BitLockerEncryptionDetails
   {
       [PropertySources{"DeviceId"},key]
       String     DeviceId;
       [PropertySources{"BitlockerPersistentVolumeId"}]
       String     BitlockerPersistentVolumeId;
       [PropertySources{"BitLockerManagementPersistentVolumeId"}]
       String     MbamPersistentVolumeId;
       //UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3
       [PropertySources{"BitLockerManagementVolumeType"}]
       SInt32     MbamVolumeType;
       [PropertySources{"DriveLetter"}]
       String     DriveLetter;
       //VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2
       [PropertySources{"Compliant"}]
       SInt32     Compliant;
       [PropertySources{"ReasonsForNonCompliance"}]
       SInt32     ReasonsForNonCompliance[];
       [PropertySources{"KeyProtectorTypes"}]
       SInt32     KeyProtectorTypes[];
       [PropertySources{"EncryptionMethod"}]
       SInt32     EncryptionMethod;
       [PropertySources{"ConversionStatus"}]
       SInt32     ConversionStatus;
       [PropertySources{"ProtectionStatus"}]
       SInt32     ProtectionStatus;
       [PropertySources{"IsAutoUnlockEnabled"}]
       Boolean     IsAutoUnlockEnabled;
       [PropertySources{"NoncomplianceDetectedDate"}]
       String     NoncomplianceDetectedDate;
       [PropertySources{"EnforcePolicyDate"}]
       String     EnforcePolicyDate;
   };
   
   #pragma namespace ("\\\\.\\root\\cimv2")
   #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
   [DYNPROPS]
   Class Win32Reg_MBAMPolicy
   {
       [key]
       string KeyName;
   
       //General encryption requirements
       UInt32    OsDriveEncryption;
       UInt32    FixedDataDriveEncryption;
       UInt32    EncryptionMethod;
   
       //Required protectors properties
       UInt32    OsDriveProtector;
       UInt32    FixedDataDriveAutoUnlock;
       UInt32    FixedDataDrivePassphrase;
   
       //MBAM Agent fields
       Uint32    MBAMPolicyEnforced;
       string    LastConsoleUser;
       datetime  UserExemptionDate;
       UInt32    MBAMMachineError;
   
       // Encoded Computer Name
       string    EncodedComputerName;
   };
   
   [DYNPROPS]
   Instance of Win32Reg_MBAMPolicy
   {
       KeyName="BitLocker policy";
   
       //General encryption requirements
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")]
       OsDriveEncryption;
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")]
       FixedDataDriveEncryption;
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")]
       EncryptionMethod;
   
       //Required protectors properties
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")]
       OsDriveProtector;
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")]
       FixedDataDriveAutoUnlock;
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")]
       FixedDataDrivePassphrase;
   
       //MBAM agent fields
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")]
       MBAMPolicyEnforced;
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")]
       LastConsoleUser;
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")]
       UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")]
       MBAMMachineError;
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")]
       EncodedComputerName;
   };
   
   #pragma namespace ("\\\\.\\root\\cimv2")
   #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
   [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
   dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
   class CCM_OperatingSystemExtended
   {
       [PropertySources{"Name"},key]
       string     Name;
       [PropertySources{"OperatingSystemSKU"}]
       uint32     SKU;
   };
   
   #pragma namespace ("\\\\.\\root\\cimv2")
   #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
   [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
   dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
   class CCM_ComputerSystemExtended
   {
       [PropertySources{"Name"},key]
       string     Name;
       [PropertySources{"PCSystemType"}]
       uint16     PCSystemType;
   };
   
   //=======================================================
   // Microsoft BitLocker Administration and Monitoring end
   //=======================================================
   

Изменение файла Configuration.mof для Configuration Manager 2007

1. На сервере Configuration Manager перейдите в каталог файла Configuration.mof:

   <каталог_установки_CM>\Inboxes\clifiles.src\hinv\

   По умолчанию для установки используется каталог %systemdrive%\Program Files (x86)\Microsoft Configuration Manager.

2. Внесите изменения в файл Configuration.mof, добавив следующие классы MBAM.

   //===================================================
   // Microsoft BitLocker Administration and Monitoring 
   //===================================================
   
   #pragma namespace ("\\\\.\\root\\cimv2")
   #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) 
   [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled, NoncomplianceDetectedDate, EnforcePolicyDate from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")]
   class Win32_BitLockerEncryptionDetails
   {
       [PropertySources{"DeviceId"},key]
       String     DeviceId;
       [PropertySources{"BitlockerPersistentVolumeId"}]
       String     BitlockerPersistentVolumeId;
       [PropertySources{"BitLockerManagementPersistentVolumeId"}]
       String     MbamPersistentVolumeId;
       //UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3
       [PropertySources{"BitLockerManagementVolumeType"}]
       SInt32     MbamVolumeType;
       [PropertySources{"DriveLetter"}]
       String     DriveLetter;
       //VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2
       [PropertySources{"Compliant"}]
       SInt32     Compliant;
       [PropertySources{"ReasonsForNonCompliance"}]
       SInt32     ReasonsForNonCompliance[];
       [PropertySources{"KeyProtectorTypes"}]
       SInt32     KeyProtectorTypes[];
       [PropertySources{"EncryptionMethod"}]
       SInt32     EncryptionMethod;
       [PropertySources{"ConversionStatus"}]
       SInt32     ConversionStatus;
       [PropertySources{"ProtectionStatus"}]
       SInt32     ProtectionStatus;
       [PropertySources{"IsAutoUnlockEnabled"}]
       Boolean     IsAutoUnlockEnabled;
       [PropertySources{"NoncomplianceDetectedDate"}]
       String     NoncomplianceDetectedDate;
       [PropertySources{"EnforcePolicyDate"}]
       String     EnforcePolicyDate;
   };
   
   #pragma namespace ("\\\\.\\root\\cimv2")
   #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
   [DYNPROPS]
   Class Win32Reg_MBAMPolicy
   {
       [key]
       string KeyName;
   
       //General encryption requirements
       UInt32    OsDriveEncryption;
       UInt32    FixedDataDriveEncryption;
       UInt32    EncryptionMethod;
   
       //Required protectors properties
       UInt32    OsDriveProtector;
       UInt32    FixedDataDriveAutoUnlock;
       UInt32    FixedDataDrivePassphrase;
   
       //MBAM Agent fields
       Uint32    MBAMPolicyEnforced;
       string    LastConsoleUser;
       datetime  UserExemptionDate;
       UInt32    MBAMMachineError;
   
       // Encoded Computer Name
       string    EncodedComputerName;
   };
   
   [DYNPROPS]
   Instance of Win32Reg_MBAMPolicy
   {
       KeyName="BitLocker policy";
   
       //General encryption requirements
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")]
       OsDriveEncryption;
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")]
       FixedDataDriveEncryption;
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")]
       EncryptionMethod;
   
       //Required protectors properties
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")]
       OsDriveProtector;
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")]
       FixedDataDriveAutoUnlock;
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")]
       FixedDataDrivePassphrase;
   
       //MBAM agent fields
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")]
       MBAMPolicyEnforced;
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")]
       LastConsoleUser;
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")]
       UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")]
       MBAMMachineError;
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")]
       EncodedComputerName;
   };
   
   #pragma namespace ("\\\\.\\root\\cimv2")
   #pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL)
   [DYNPROPS]
   Class Win32Reg_MBAMPolicy_64
   {
       [key]
       string KeyName;
   
       //General encryption requirements
       UInt32    OsDriveEncryption;
       UInt32    FixedDataDriveEncryption;
       UInt32    EncryptionMethod;
   
       //Required protectors properties
       UInt32    OsDriveProtector;
       UInt32    FixedDataDriveAutoUnlock;
       UInt32    FixedDataDrivePassphrase;
   
       //MBAM Agent fields
       Uint32    MBAMPolicyEnforced;
       string    LastConsoleUser;
       datetime  UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU
       UInt32    MBAMMachineError;
   
       // Encoded Computer Name
       string    EncodedComputerName;
   };
   
   [DYNPROPS]
   Instance of Win32Reg_MBAMPolicy_64
   {
       KeyName="BitLocker policy";
   
       //General encryption requirements
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")]
       OsDriveEncryption;
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")]
       FixedDataDriveEncryption;
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")]
       EncryptionMethod;
   
       //Required protectors properties
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")]
       OsDriveProtector;
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")]
       FixedDataDriveAutoUnlock;
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")]
       FixedDataDrivePassphrase;
   
       //MBAM agent fields
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")]
       MBAMPolicyEnforced;
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")]
       LastConsoleUser;
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")]
       UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")]
       MBAMMachineError;
       [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")]
       EncodedComputerName;
   };
   
   #pragma namespace ("\\\\.\\root\\cimv2")
   #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
   [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
   dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
   class CCM_OperatingSystemExtended
   {
       [PropertySources{"Name"},key]
       string     Name;
       [PropertySources{"OperatingSystemSKU"}]
       uint32     SKU;
   };
   
   #pragma namespace ("\\\\.\\root\\cimv2")
   #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
   [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
   dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
   class CCM_ComputerSystemExtended
   {
       [PropertySources{"Name"},key]
       string     Name;
       [PropertySources{"PCSystemType"}]
       uint16     PCSystemType;
   };
   
   //=======================================================
   // Microsoft BitLocker Administration and Monitoring end
   //=======================================================
   

   Есть предложение для MBAM? Выдвигайте предложения и голосуйте за них здесь.
   Есть вопрос по MBAM? Найдите ответ на форуме TechNet по MBAM.

См. также

Задачи

Создание или изменение файла Sms_def.mof

Концепции

Необходимые условия MBAM 2.5 Server для изолированной топологии и топологии интеграции Configuration Manager

Другие ресурсы

Необходимые условия MBAM 2.5 Server, которые применяются только к топологии интеграции Configuration Manager