Editar o arquivo Configuration.mof
Para permitir que os computadores cliente relatem detalhes de conformidade do BitLocker por meio dos relatórios do MBAM Configuration Manager, você precisa editar o arquivo Configuration.mof, independentemente de você estar usando o Configuration Manager 2007 ou o System Center 2012 Configuration Manager. Conclua as instruções a seguir para a versão Configuration Manager que você está usando.
Importante Se você estiver instalando o Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 Service Pack 1 (SP1), seja fazendo uma nova instalação ou atualizando de uma versão anterior, consulte o item apropriado em About MBAM 2.0 SP1 conforme descrito nos marcadores a seguir:
Para uma nova instalação do MBAM 2.0 SP1, consulte Arquivos necessários para instalar o MBAM 2.0 SP1 se você estiver usando o MBAM com Configuration Manager.
Para uma atualização para o MBAM 2.0 SP1, consulte Atualizar o arquivo configuration.mof se você atualizar para o MBAM 2.0 SP1 e estiver usando o MBAM com o Configuration Manager 2007.
Para criar o arquivo configuration.mof se você estiver usando o MBAM 2.0 SP1 com Configuration Manager
- Consulte a nota "Importante" sobre o MBAM 2.0 SP1 anteriormente neste tópico para obter as instruções apropriadas a serem seguidas em Sobre o MBAM 2.0 SP1.
Para editar o arquivo Configuration.mof para o System Center 2012 Configuration Manager
No servidor Configuration Manager, navegue até o local do arquivo Configuration.mof:
<CMInstallLocation>\Inboxes\clifiles.src\hinv\
Em uma instalação padrão, o local de instalação é %systemdrive%\Arquivos de Programas \Microsoft Configuration Manager.
Edite o arquivo Configuration.mof para acrescentar as seguintes classes do MBAM:
//=================================================== // Microsoft BitLocker Administration and Monitoring //=================================================== #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")] class Win32_BitLockerEncryptionDetails { [PropertySources{"DeviceId"},key] String DeviceId; [PropertySources{"BitlockerPersistentVolumeId"}] String BitlockerPersistentVolumeId; [PropertySources{"BitLockerManagementPersistentVolumeId"}] String MbamPersistentVolumeId; //UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3 [PropertySources{"BitLockerManagementVolumeType"}] SInt32 MbamVolumeType; [PropertySources{"DriveLetter"}] String DriveLetter; //VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2 [PropertySources{"Compliant"}] SInt32 Compliant; [PropertySources{"ReasonsForNonCompliance"}] SInt32 ReasonsForNonCompliance[]; [PropertySources{"KeyProtectorTypes"}] SInt32 KeyProtectorTypes[]; [PropertySources{"EncryptionMethod"}] SInt32 EncryptionMethod; [PropertySources{"ConversionStatus"}] SInt32 ConversionStatus; [PropertySources{"ProtectionStatus"}] SInt32 ProtectionStatus; [PropertySources{"IsAutoUnlockEnabled"}] Boolean IsAutoUnlockEnabled; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) [DYNPROPS] Class Win32Reg_MBAMPolicy { [key] string KeyName; //General encryption requirements UInt32 OsDriveEncryption; UInt32 FixedDataDriveEncryption; UInt32 EncryptionMethod; //Required protectors properties UInt32 OsDriveProtector; UInt32 FixedDataDriveAutoUnlock; UInt32 FixedDataDrivePassphrase; //MBAM agent fields Uint32 MBAMPolicyEnforced; string LastConsoleUser; datetime UserExemptionDate; UInt32 MBAMMachineError; // Encoded computer name string EncodedComputerName; }; [DYNPROPS] Instance of Win32Reg_MBAMPolicy { KeyName="BitLocker policy"; //General encryption requirements [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] OsDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] EncryptionMethod; //Required protectors properties [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] OsDriveProtector; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveAutoUnlock; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")] FixedDataDrivePassphrase; //MBAM agent fields [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")] MBAMPolicyEnforced; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")] LastConsoleUser; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")] UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")] MBAMMachineError; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")] EncodedComputerName; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_OperatingSystemExtended { [PropertySources{"Name"},key] string Name; [PropertySources{"OperatingSystemSKU"}] uint32 SKU; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_ComputerSystemExtended { [PropertySources{"Name"},key] string Name; [PropertySources{"PCSystemType"}] uint16 PCSystemType; }; //======================================================= // Microsoft BitLocker Administration and Monitoring end //=======================================================
Para editar o arquivo Configuration.mof para Configuration Manager 2007
No servidor Configuration Manager, navegue até o local do arquivo Configuration.mof:
<CMInstallLocation>\Inboxes\clifiles.src\hinv\
Em uma instalação padrão, o local de instalação é %systemdrive%\Arquivos de Programas (x86)\Microsoft Configuration Manager.
Edite o arquivo Configuration.mof para acrescentar as seguintes classes do MBAM:
//=================================================== // Microsoft BitLocker Administration and Monitoring //=================================================== #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")] class Win32_BitLockerEncryptionDetails { [PropertySources{"DeviceId"},key] String DeviceId; [PropertySources{"BitlockerPersistentVolumeId"}] String BitlockerPersistentVolumeId; [PropertySources{"BitLockerManagementPersistentVolumeId"}] String MbamPersistentVolumeId; //UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3 [PropertySources{"BitLockerManagementVolumeType"}] SInt32 MbamVolumeType; [PropertySources{"DriveLetter"}] String DriveLetter; //VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2 [PropertySources{"Compliant"}] SInt32 Compliant; [PropertySources{"ReasonsForNonCompliance"}] SInt32 ReasonsForNonCompliance[]; [PropertySources{"KeyProtectorTypes"}] SInt32 KeyProtectorTypes[]; [PropertySources{"EncryptionMethod"}] SInt32 EncryptionMethod; [PropertySources{"ConversionStatus"}] SInt32 ConversionStatus; [PropertySources{"ProtectionStatus"}] SInt32 ProtectionStatus; [PropertySources{"IsAutoUnlockEnabled"}] Boolean IsAutoUnlockEnabled; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) [DYNPROPS] Class Win32Reg_MBAMPolicy { [key] string KeyName; //General encryption requirements UInt32 OsDriveEncryption; UInt32 FixedDataDriveEncryption; UInt32 EncryptionMethod; //Required protectors properties UInt32 OsDriveProtector; UInt32 FixedDataDriveAutoUnlock; UInt32 FixedDataDrivePassphrase; //MBAM agent fields Uint32 MBAMPolicyEnforced; string LastConsoleUser; datetime UserExemptionDate; UInt32 MBAMMachineError; // Encoded computer name string EncodedComputerName; }; [DYNPROPS] Instance of Win32Reg_MBAMPolicy { KeyName="BitLocker policy"; //General encryption requirements [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] OsDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] EncryptionMethod; //Required protectors properties [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] OsDriveProtector; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveAutoUnlock; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")] FixedDataDrivePassphrase; //MBAM agent fields [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")] MBAMPolicyEnforced; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")] LastConsoleUser; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")] UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")] MBAMMachineError; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")] EncodedComputerName; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL) [DYNPROPS] Class Win32Reg_MBAMPolicy_64 { [key] string KeyName; //General encryption requirements UInt32 OsDriveEncryption; UInt32 FixedDataDriveEncryption; UInt32 EncryptionMethod; //Required protectors properties UInt32 OsDriveProtector; UInt32 FixedDataDriveAutoUnlock; UInt32 FixedDataDrivePassphrase; //MBAM agent fields Uint32 MBAMPolicyEnforced; string LastConsoleUser; datetime UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU UInt32 MBAMMachineError; // Encoded computer name string EncodedComputerName; }; [DYNPROPS] Instance of Win32Reg_MBAMPolicy_64 { KeyName="BitLocker policy"; //General encryption requirements [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] OsDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] EncryptionMethod; //Required protectors properties [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] OsDriveProtector; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveAutoUnlock; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")] FixedDataDrivePassphrase; //MBAM agent fields [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")] MBAMPolicyEnforced; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")] LastConsoleUser; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")] UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")] MBAMMachineError; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")] EncodedComputerName; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_OperatingSystemExtended { [PropertySources{"Name"},key] string Name; [PropertySources{"OperatingSystemSKU"}] uint32 SKU; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_ComputerSystemExtended { [PropertySources{"Name"},key] string Name; [PropertySources{"PCSystemType"}] uint16 PCSystemType; }; //======================================================= // Microsoft BitLocker Administration and Monitoring end //=======================================================