Edite o arquivo Configuration.mof
Aplica-se a: Microsoft BitLocker Administration and Monitoring 2.0, Microsoft BitLocker Administration and Monitoring 2.0 SP1
Para habilitar os computadores clientes para relatar detalhes de conformidade do BitLocker por meio dos relatórios do MBAM Configuration Manager, será preciso editar o arquivo Configuration.mof, se você estiver usando o Configuration Manager 2007 ou o System Center 2012 Configuration Manager. Complete as seguintes instruções para a versão do Configuration Manager que você está usando.
Importante
Se você estiver instalando o Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 Service Pack 1 (SP1), seja fazendo uma nova instalação ou atualizando a partir de uma versão anterior, consulte o item adequado no Sobre o MBAM 2.0 SP1 conforme descrito nos itens abaixo:
- Para uma nova instalação do MBAM 2.0 SP1, consulte Arquivos necessários para instalar o MBAM 2.0 SP1 se você estiver usando o MBAM com o Configuration Manager.
- Para uma atualização para o MBAM 2.0 SP1, consulte Atualize o arquivo configuration.mof se atualizar para o MBAM 2.0 SP1 e estiver usando o MBAM com o Configuration Manager 2007.
Para criar o arquivo configuration.mof se estiver usando o MBAM 2.0 SP1 com o Configuration Manager
- Consulte a observação "Importante" sobre o MBAM 2.0 SP1 existente antes nesse tópico para encontrar as instruções adequadas a serem seguidas em Sobre o MBAM 2.0 SP1.
Para editar o arquivo Configuration.mof para o System Center 2012 Configuration Manager
No Servidor do Configuration Manager, navegue até o local do arquivo Configuration.mof:
<CMInstallLocation>\Inboxes\clifiles.src\hinv\
Em uma instalação padrão, o local de instalação é %systemdrive%\Program Files \Microsoft Configuration Manager.
Edite o arquivo Configuration.mof para acrescentar as seguintes classes do MBAM:
//=================================================== // Microsoft BitLocker Administration and Monitoring //=================================================== #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")] class Win32_BitLockerEncryptionDetails { [PropertySources{"DeviceId"},key] String DeviceId; [PropertySources{"BitlockerPersistentVolumeId"}] String BitlockerPersistentVolumeId; [PropertySources{"BitLockerManagementPersistentVolumeId"}] String MbamPersistentVolumeId; //UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3 [PropertySources{"BitLockerManagementVolumeType"}] SInt32 MbamVolumeType; [PropertySources{"DriveLetter"}] String DriveLetter; //VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2 [PropertySources{"Compliant"}] SInt32 Compliant; [PropertySources{"ReasonsForNonCompliance"}] SInt32 ReasonsForNonCompliance[]; [PropertySources{"KeyProtectorTypes"}] SInt32 KeyProtectorTypes[]; [PropertySources{"EncryptionMethod"}] SInt32 EncryptionMethod; [PropertySources{"ConversionStatus"}] SInt32 ConversionStatus; [PropertySources{"ProtectionStatus"}] SInt32 ProtectionStatus; [PropertySources{"IsAutoUnlockEnabled"}] Boolean IsAutoUnlockEnabled; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) [DYNPROPS] Class Win32Reg_MBAMPolicy { [key] string KeyName; //General encryption requirements UInt32 OsDriveEncryption; UInt32 FixedDataDriveEncryption; UInt32 EncryptionMethod; //Required protectors properties UInt32 OsDriveProtector; UInt32 FixedDataDriveAutoUnlock; UInt32 FixedDataDrivePassphrase; //MBAM agent fields Uint32 MBAMPolicyEnforced; string LastConsoleUser; datetime UserExemptionDate; UInt32 MBAMMachineError; // Encoded computer name string EncodedComputerName; }; [DYNPROPS] Instance of Win32Reg_MBAMPolicy { KeyName="BitLocker policy"; //General encryption requirements [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] OsDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] EncryptionMethod; //Required protectors properties [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] OsDriveProtector; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveAutoUnlock; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")] FixedDataDrivePassphrase; //MBAM agent fields [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")] MBAMPolicyEnforced; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")] LastConsoleUser; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")] UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")] MBAMMachineError; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")] EncodedComputerName; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_OperatingSystemExtended { [PropertySources{"Name"},key] string Name; [PropertySources{"OperatingSystemSKU"}] uint32 SKU; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_ComputerSystemExtended { [PropertySources{"Name"},key] string Name; [PropertySources{"PCSystemType"}] uint16 PCSystemType; }; //======================================================= // Microsoft BitLocker Administration and Monitoring end //=======================================================
Para editar o arquivo Configuration.mof para o Configuration Manager 2007
No Servidor do Configuration Manager, navegue até o local do arquivo Configuration.mof:
<CMInstallLocation>\Inboxes\clifiles.src\hinv\
Em uma instalação padrão, o local de instalação é %systemdrive%\Program Files (x86)\Microsoft Configuration Manager.
Edite o arquivo Configuration.mof para acrescentar as seguintes classes do MBAM:
//=================================================== // Microsoft BitLocker Administration and Monitoring //=================================================== #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")] class Win32_BitLockerEncryptionDetails { [PropertySources{"DeviceId"},key] String DeviceId; [PropertySources{"BitlockerPersistentVolumeId"}] String BitlockerPersistentVolumeId; [PropertySources{"BitLockerManagementPersistentVolumeId"}] String MbamPersistentVolumeId; //UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3 [PropertySources{"BitLockerManagementVolumeType"}] SInt32 MbamVolumeType; [PropertySources{"DriveLetter"}] String DriveLetter; //VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2 [PropertySources{"Compliant"}] SInt32 Compliant; [PropertySources{"ReasonsForNonCompliance"}] SInt32 ReasonsForNonCompliance[]; [PropertySources{"KeyProtectorTypes"}] SInt32 KeyProtectorTypes[]; [PropertySources{"EncryptionMethod"}] SInt32 EncryptionMethod; [PropertySources{"ConversionStatus"}] SInt32 ConversionStatus; [PropertySources{"ProtectionStatus"}] SInt32 ProtectionStatus; [PropertySources{"IsAutoUnlockEnabled"}] Boolean IsAutoUnlockEnabled; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) [DYNPROPS] Class Win32Reg_MBAMPolicy { [key] string KeyName; //General encryption requirements UInt32 OsDriveEncryption; UInt32 FixedDataDriveEncryption; UInt32 EncryptionMethod; //Required protectors properties UInt32 OsDriveProtector; UInt32 FixedDataDriveAutoUnlock; UInt32 FixedDataDrivePassphrase; //MBAM agent fields Uint32 MBAMPolicyEnforced; string LastConsoleUser; datetime UserExemptionDate; UInt32 MBAMMachineError; // Encoded computer name string EncodedComputerName; }; [DYNPROPS] Instance of Win32Reg_MBAMPolicy { KeyName="BitLocker policy"; //General encryption requirements [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] OsDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] EncryptionMethod; //Required protectors properties [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] OsDriveProtector; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveAutoUnlock; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")] FixedDataDrivePassphrase; //MBAM agent fields [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")] MBAMPolicyEnforced; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")] LastConsoleUser; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")] UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")] MBAMMachineError; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")] EncodedComputerName; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL) [DYNPROPS] Class Win32Reg_MBAMPolicy_64 { [key] string KeyName; //General encryption requirements UInt32 OsDriveEncryption; UInt32 FixedDataDriveEncryption; UInt32 EncryptionMethod; //Required protectors properties UInt32 OsDriveProtector; UInt32 FixedDataDriveAutoUnlock; UInt32 FixedDataDrivePassphrase; //MBAM agent fields Uint32 MBAMPolicyEnforced; string LastConsoleUser; datetime UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU UInt32 MBAMMachineError; // Encoded computer name string EncodedComputerName; }; [DYNPROPS] Instance of Win32Reg_MBAMPolicy_64 { KeyName="BitLocker policy"; //General encryption requirements [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] OsDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveEncryption; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] EncryptionMethod; //Required protectors properties [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] OsDriveProtector; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")] FixedDataDriveAutoUnlock; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")] FixedDataDrivePassphrase; //MBAM agent fields [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")] MBAMPolicyEnforced; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")] LastConsoleUser; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")] UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")] MBAMMachineError; [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")] EncodedComputerName; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_OperatingSystemExtended { [PropertySources{"Name"},key] string Name; [PropertySources{"OperatingSystemSKU"}] uint32 SKU; }; #pragma namespace ("\\\\.\\root\\cimv2") #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_ComputerSystemExtended { [PropertySources{"Name"},key] string Name; [PropertySources{"PCSystemType"}] uint16 PCSystemType; }; //======================================================= // Microsoft BitLocker Administration and Monitoring end //=======================================================
Consulte Também
Conceitos
Implantando o MBAM com o Configuration Manager
Outros Recursos
Como criar ou editar os arquivos mof
-----
Você pode saber mais sobre o MDOP na Biblioteca do TechNet, pesquisar por solução de problemas no TechNet Wiki ou nos seguir no Facebook ou Twitter.
-----