deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 13:57:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/mdop/mbam-v2/edit-the-configurationmof-file.md
Brian Lich 2d1f98a24d adding BI scorecard metadata attributes
2016-06-16 11:04:55 -07:00

386 lines
17 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: Edit the Configuration.mof File
description: Edit the Configuration.mof File
author: jamiejdt
ms.assetid: 23e50ec9-4083-4b12-ad96-626cf30960bb
ms.pagetype: mdop, security
ms.mktglfcycl: manage
ms.sitesec: library
ms.prod: w8
---
# Edit the Configuration.mof File
To enable the client computers to report BitLocker compliance details through the MBAM Configuration Manager reports, you have to edit the **Configuration.mof** file, whether you are using Configuration Manager 2007 or System Center 2012 Configuration Manager. Complete the following instructions for the version of Configuration Manager that you are using.
**Important**  
If you are installing Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 Service Pack 1 (SP1), either by doing a new installation or by upgrading from a previous version, see the appropriate item in [About MBAM 2.0 SP1](about-mbam-20-sp1.md) as described in the following bullets:
- For a new MBAM 2.0 SP1 installation, see **Required files for installing MBAM 2.0 SP1 if you are using MBAM with Configuration Manager**.
- For an upgrade to MBAM 2.0 SP1, see **Update the configuration.mof file if you upgrade to MBAM 2.0 SP1 and you are using MBAM with Configuration Manager 2007**.
 
**To create the configuration.mof file if you are using MBAM 2.0 SP1 with Configuration Manager**
- See the “Important” note about MBAM 2.0 SP1 earlier in this topic for the appropriate instructions to follow in [About MBAM 2.0 SP1](about-mbam-20-sp1.md).
**To edit the Configuration.mof file for System Center 2012 Configuration Manager**
1. On the Configuration Manager Server, browse to the location of the **Configuration.mof** file:
<CMInstallLocation>\\Inboxes\\clifiles.src\\hinv\\
On a default installation, the installation location is %systemdrive%\\Program Files \\Microsoft Configuration Manager.
2. Edit the **Configuration.mof** file to append the following MBAM classes:
``` syntax
//===================================================
// Microsoft BitLocker Administration and Monitoring
//===================================================
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
[Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")]
class Win32_BitLockerEncryptionDetails
{
[PropertySources{"DeviceId"},key]
String DeviceId;
[PropertySources{"BitlockerPersistentVolumeId"}]
String BitlockerPersistentVolumeId;
[PropertySources{"BitLockerManagementPersistentVolumeId"}]
String MbamPersistentVolumeId;
//UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3
[PropertySources{"BitLockerManagementVolumeType"}]
SInt32 MbamVolumeType;
[PropertySources{"DriveLetter"}]
String DriveLetter;
//VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2
[PropertySources{"Compliant"}]
SInt32 Compliant;
[PropertySources{"ReasonsForNonCompliance"}]
SInt32 ReasonsForNonCompliance[];
[PropertySources{"KeyProtectorTypes"}]
SInt32 KeyProtectorTypes[];
[PropertySources{"EncryptionMethod"}]
SInt32 EncryptionMethod;
[PropertySources{"ConversionStatus"}]
SInt32 ConversionStatus;
[PropertySources{"ProtectionStatus"}]
SInt32 ProtectionStatus;
[PropertySources{"IsAutoUnlockEnabled"}]
Boolean IsAutoUnlockEnabled;
};
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
[DYNPROPS]
Class Win32Reg_MBAMPolicy
{
[key]
string KeyName;
//General encryption requirements
UInt32 OsDriveEncryption;
UInt32 FixedDataDriveEncryption;
UInt32 EncryptionMethod;
//Required protectors properties
UInt32 OsDriveProtector;
UInt32 FixedDataDriveAutoUnlock;
UInt32 FixedDataDrivePassphrase;
//MBAM agent fields
Uint32 MBAMPolicyEnforced;
string LastConsoleUser;
datetime UserExemptionDate;
UInt32 MBAMMachineError;
// Encoded computer name
string EncodedComputerName;
};
[DYNPROPS]
Instance of Win32Reg_MBAMPolicy
{
KeyName="BitLocker policy";
//General encryption requirements
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")]
OsDriveEncryption;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")]
FixedDataDriveEncryption;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")]
EncryptionMethod;
//Required protectors properties
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")]
OsDriveProtector;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")]
FixedDataDriveAutoUnlock;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")]
FixedDataDrivePassphrase;
//MBAM agent fields
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")]
MBAMPolicyEnforced;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")]
LastConsoleUser;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")]
UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")]
MBAMMachineError;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")]
EncodedComputerName;
};
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
[Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
class CCM_OperatingSystemExtended
{
[PropertySources{"Name"},key]
string Name;
[PropertySources{"OperatingSystemSKU"}]
uint32 SKU;
};
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
[Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
class CCM_ComputerSystemExtended
{
[PropertySources{"Name"},key]
string Name;
[PropertySources{"PCSystemType"}]
uint16 PCSystemType;
};
//=======================================================
// Microsoft BitLocker Administration and Monitoring end
//=======================================================
```
**To edit the Configuration.mof file for Configuration Manager 2007**
1. On the Configuration Manager Server, browse to the location of the **Configuration.mof** file:
<CMInstallLocation>\\Inboxes\\clifiles.src\\hinv\\
On a default installation, the installation location is %systemdrive%\\Program Files (x86)\\Microsoft Configuration Manager.
2. Edit the **Configuration.mof** file to append the following MBAM classes:
``` syntax
//===================================================
// Microsoft BitLocker Administration and Monitoring
//===================================================
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
[Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")]
class Win32_BitLockerEncryptionDetails
{
[PropertySources{"DeviceId"},key]
String DeviceId;
[PropertySources{"BitlockerPersistentVolumeId"}]
String BitlockerPersistentVolumeId;
[PropertySources{"BitLockerManagementPersistentVolumeId"}]
String MbamPersistentVolumeId;
//UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3
[PropertySources{"BitLockerManagementVolumeType"}]
SInt32 MbamVolumeType;
[PropertySources{"DriveLetter"}]
String DriveLetter;
//VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2
[PropertySources{"Compliant"}]
SInt32 Compliant;
[PropertySources{"ReasonsForNonCompliance"}]
SInt32 ReasonsForNonCompliance[];
[PropertySources{"KeyProtectorTypes"}]
SInt32 KeyProtectorTypes[];
[PropertySources{"EncryptionMethod"}]
SInt32 EncryptionMethod;
[PropertySources{"ConversionStatus"}]
SInt32 ConversionStatus;
[PropertySources{"ProtectionStatus"}]
SInt32 ProtectionStatus;
[PropertySources{"IsAutoUnlockEnabled"}]
Boolean IsAutoUnlockEnabled;
};
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
[DYNPROPS]
Class Win32Reg_MBAMPolicy
{
[key]
string KeyName;
//General encryption requirements
UInt32 OsDriveEncryption;
UInt32 FixedDataDriveEncryption;
UInt32 EncryptionMethod;
//Required protectors properties
UInt32 OsDriveProtector;
UInt32 FixedDataDriveAutoUnlock;
UInt32 FixedDataDrivePassphrase;
//MBAM agent fields
Uint32 MBAMPolicyEnforced;
string LastConsoleUser;
datetime UserExemptionDate;
UInt32 MBAMMachineError;
// Encoded computer name
string EncodedComputerName;
};
[DYNPROPS]
Instance of Win32Reg_MBAMPolicy
{
KeyName="BitLocker policy";
//General encryption requirements
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")]
OsDriveEncryption;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")]
FixedDataDriveEncryption;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")]
EncryptionMethod;
//Required protectors properties
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")]
OsDriveProtector;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")]
FixedDataDriveAutoUnlock;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")]
FixedDataDrivePassphrase;
//MBAM agent fields
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")]
MBAMPolicyEnforced;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")]
LastConsoleUser;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")]
UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")]
MBAMMachineError;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")]
EncodedComputerName;
};
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL)
[DYNPROPS]
Class Win32Reg_MBAMPolicy_64
{
[key]
string KeyName;
//General encryption requirements
UInt32 OsDriveEncryption;
UInt32 FixedDataDriveEncryption;
UInt32 EncryptionMethod;
//Required protectors properties
UInt32 OsDriveProtector;
UInt32 FixedDataDriveAutoUnlock;
UInt32 FixedDataDrivePassphrase;
//MBAM agent fields
Uint32 MBAMPolicyEnforced;
string LastConsoleUser;
datetime UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU
UInt32 MBAMMachineError;
// Encoded computer name
string EncodedComputerName;
};
[DYNPROPS]
Instance of Win32Reg_MBAMPolicy_64
{
KeyName="BitLocker policy";
//General encryption requirements
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")]
OsDriveEncryption;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")]
FixedDataDriveEncryption;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")]
EncryptionMethod;
//Required protectors properties
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")]
OsDriveProtector;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")]
FixedDataDriveAutoUnlock;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")]
FixedDataDrivePassphrase;
//MBAM agent fields
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")]
MBAMPolicyEnforced;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")]
LastConsoleUser;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")]
UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")]
MBAMMachineError;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")]
EncodedComputerName;
};
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
[Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
class CCM_OperatingSystemExtended
{
[PropertySources{"Name"},key]
string Name;
[PropertySources{"OperatingSystemSKU"}]
uint32 SKU;
};
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
[Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
class CCM_ComputerSystemExtended
{
[PropertySources{"Name"},key]
string Name;
[PropertySources{"PCSystemType"}]
uint16 PCSystemType;
};
//=======================================================
// Microsoft BitLocker Administration and Monitoring end
//=======================================================
```
## Related topics
[How to Create or Edit the mof Files](how-to-create-or-edit-the-mof-files.md)
[Deploying MBAM with Configuration Manager](deploying-mbam-with-configuration-manager-mbam2.md)
 
 
Reference in New Issue View Git Blame Copy Permalink