deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-23 10:47:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
windows-itpro-docs/mdop/mbam-v2/create-or-edit-the-sms-defmof-file.md
Brian Lich 2d1f98a24d adding BI scorecard metadata attributes
2016-06-16 11:04:55 -07:00

378 lines
14 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: Create or Edit the Sms\_def.mof File
description: Create or Edit the Sms\_def.mof File
author: jamiejdt
ms.assetid: d1747e43-484e-4031-a63b-6342fe588aa2
ms.pagetype: mdop, security
ms.mktglfcycl: manage
ms.sitesec: library
ms.prod: w8
---
# Create or Edit the Sms\_def.mof File
To enable the client computers to report BitLocker compliance details through the MBAM Configuration Manager reports, you have to create or edit the Sms\_def.mof file.
If you are using System Center 2012 Configuration Manager, you must create the file.
In Configuration Manager 2007, the file already exists, so you only have to edit it. **Do not overwrite the existing file**.
In the following sections, complete the instructions that correspond to the version of Configuration Manager that you are using.
**To create the Sms\_def.mof file for System Center 2012 Configuration Manager**
1. On the Configuration Manager Server, browse to the location where you have to create the Sms\_def.mof file, for example, the Desktop.
2. Create a text file called **Sms\_def.mof** and copy the following code to populate the file with the following Sms\_def.mof MBAM classes:
``` syntax
//===================================================
// Microsoft BitLocker Administration and Monitoring
//===================================================
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
[ SMS_Report (TRUE),
SMS_Group_Name ("BitLocker Encryption Details"),
SMS_Class_ID ("MICROSOFT|BITLOCKER_DETAILS|1.0")]
class Win32_BitLockerEncryptionDetails : SMS_Class_Template
{
[ SMS_Report (TRUE), key ]
String DeviceId;
[ SMS_Report (TRUE) ]
String BitlockerPersistentVolumeId;
[ SMS_Report (TRUE) ]
String MbamPersistentVolumeId;
[ SMS_Report (TRUE) ]
//UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3
SInt32 MbamVolumeType;
[ SMS_Report (TRUE) ]
String DriveLetter;
[ SMS_Report (TRUE) ]
//VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2
SInt32 Compliant;
[ SMS_Report (TRUE) ]
SInt32 ReasonsForNonCompliance[];
[ SMS_Report (TRUE) ]
SInt32 KeyProtectorTypes[];
[ SMS_Report (TRUE) ]
SInt32 EncryptionMethod;
[ SMS_Report (TRUE) ]
SInt32 ConversionStatus;
[ SMS_Report (TRUE) ]
SInt32 ProtectionStatus;
[ SMS_Report (TRUE) ]
Boolean IsAutoUnlockEnabled;
};
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
[ SMS_Report(TRUE),
SMS_Group_Name("BitLocker Policy"),
SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0")]
Class Win32Reg_MBAMPolicy: SMS_Class_Template
{
[SMS_Report(TRUE),key]
string KeyName;
//General encryption requirements
[SMS_Report(TRUE)]
UInt32 OsDriveEncryption;
[ SMS_Report (TRUE) ]
UInt32 FixedDataDriveEncryption;
[ SMS_Report (TRUE) ]
UInt32 EncryptionMethod;
//Required protectors properties
[ SMS_Report (TRUE) ]
UInt32 OsDriveProtector;
[ SMS_Report (TRUE) ]
UInt32 FixedDataDriveAutoUnlock;
[ SMS_Report (TRUE) ]
UInt32 FixedDataDrivePassphrase;
//MBAM agent fields
//Policy not enforced (0), enforced (1), pending user exemption request (2) or exempted user (3)
[SMS_Report(TRUE)]
Uint32 MBAMPolicyEnforced;
[SMS_Report(TRUE)]
string LastConsoleUser;
//Date of the exemption request of the last logged on user,
//or the first date the exemption was granted to him on this machine.
[SMS_Report(TRUE)]
datetime UserExemptionDate;
//Errors encountered by MBAM agent.
[ SMS_Report (TRUE) ]
UInt32 MBAMMachineError;
[ SMS_Report (TRUE) ]
string EncodedComputerName;
};
//Read Win32_OperatingSystem.SKU WMI property in a new class - because SKU is not available before Vista.
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
[ SMS_Report (TRUE),
SMS_Group_Name ("Operating System Ex"),
SMS_Class_ID ("MICROSOFT|OPERATING_SYSTEM_EXT|1.0") ]
class CCM_OperatingSystemExtended : SMS_Class_Template
{
[SMS_Report (TRUE), key ]
string Name;
[SMS_Report (TRUE) ]
uint32 SKU;
};
//Read Win32_ComputerSystem.PCSystemType WMI property in a new class - because PCSystemType is not available before Vista.
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
[ SMS_Report (TRUE),
SMS_Group_Name ("Computer System Ex"),
SMS_Class_ID ("MICROSOFT|COMPUTER_SYSTEM_EXT|1.0") ]
class CCM_ComputerSystemExtended : SMS_Class_Template
{
[SMS_Report (TRUE), key ]
string Name;
[SMS_Report (TRUE) ]
uint16 PCSystemType;
};
//=======================================================
// Microsoft BitLocker Administration and Monitoring end
//=======================================================
```
3. Import the **Sms\_def.mof** file by doing the following:
1. Open the **System Center 2012 Configuration Manager console** and select the **Administration** tab.
2. On the **Administration** tab, select **Client Settings**.
3. Right-click **Default Client Settings**, and then select **Properties**.
4. In the **Default Settings** window, select **Hardware Inventory**.
5. Click **Set Classes**, and then click **Import**.
6. In the browser that opens, select your **.mof** file, and then click **Open**. The **Import Summary** window opens.
7. In the **Import Summary** window, ensure that the option to import both hardware inventory classes and class settings is selected, and then click **Import**.
8. In both the **Hardware Inventory Classes** window and the **Default Settings** window, click **OK**.
4. Enable the **Win32\_Tpm** class as follows:
1. Open the **System Center 2012 Configuration Manager console** and select the **Administration** tab.
2. On the **Administration** tab, select **Client Settings**.
3. Right-click **Default Client Settings**, and then select **Properties**.
4. In the **Default Settings** window, select **Hardware Inventory**.
5. Click **Set Classes**.
6. In the main window, scroll down, and then select the **TPM (Win32\_Tpm)** class.
7. Under **TPM**, ensure that the **SpecVersion** property is selected.
8. In both the **Hardware Inventory Classes** window and the **Default Settings** window, click **OK**.
**To edit the sms\_def.mof file for Configuration Manager 2007**
1. On the Configuration Manager Server, browse to the location of the **sms\_def.mof** file:
<CMInstallLocation>\\Inboxes\\clifiles.src\\hinv\\
On a default installation, the installation location is %systemdrive% \\Program Files (x86)\\Microsoft Configuration Manager.
2. Copy the following code, and then append it to **Sms\_def.mof** file to add the following required MBAM classes to the file:
``` syntax
//===================================================
// Microsoft BitLocker Administration and Monitoring
//===================================================
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
[ SMS_Report (TRUE),
SMS_Group_Name ("BitLocker Encryption Details"),
SMS_Class_ID ("MICROSOFT|BITLOCKER_DETAILS|1.0")]
class Win32_BitLockerEncryptionDetails : SMS_Class_Template
{
[ SMS_Report (TRUE), key ]
String DeviceId;
[ SMS_Report (TRUE) ]
String BitlockerPersistentVolumeId;
[ SMS_Report (TRUE) ]
String MbamPersistentVolumeId;
[ SMS_Report (TRUE) ]
//UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3
SInt32 MbamVolumeType;
[ SMS_Report (TRUE) ]
String DriveLetter;
[ SMS_Report (TRUE) ]
//VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2
SInt32 Compliant;
[ SMS_Report (TRUE) ]
SInt32 ReasonsForNonCompliance[];
[ SMS_Report (TRUE) ]
SInt32 KeyProtectorTypes[];
[ SMS_Report (TRUE) ]
SInt32 EncryptionMethod;
[ SMS_Report (TRUE) ]
SInt32 ConversionStatus;
[ SMS_Report (TRUE) ]
SInt32 ProtectionStatus;
[ SMS_Report (TRUE) ]
Boolean IsAutoUnlockEnabled;
};
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
[ SMS_Report(TRUE),
SMS_Group_Name("BitLocker Policy"),
SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0"),
SMS_Context_1("__ProviderArchitecture=32|uint32"),
SMS_Context_2("__RequiredArchitecture=true|boolean")]
Class Win32Reg_MBAMPolicy: SMS_Class_Template
{
[SMS_Report(TRUE),key]
string KeyName;
//General encryption requirements
[SMS_Report(TRUE)]
UInt32 OsDriveEncryption;
[ SMS_Report (TRUE) ]
UInt32 FixedDataDriveEncryption;
[ SMS_Report (TRUE) ]
UInt32 EncryptionMethod;
//Required protectors properties
[ SMS_Report (TRUE) ]
UInt32 OsDriveProtector;
[ SMS_Report (TRUE) ]
UInt32 FixedDataDriveAutoUnlock;
[ SMS_Report (TRUE) ]
UInt32 FixedDataDrivePassphrase;
//MBAM Agent fields
//Policy not enforced (0), enforced (1), pending user exemption request (2) or exempted user (3)
[SMS_Report(TRUE)]
Uint32 MBAMPolicyEnforced;
[SMS_Report(TRUE)]
string LastConsoleUser;
//Date of the exemption request of the last logged on user,
//or the first date the exemption was granted to him on this machine.
[SMS_Report(TRUE)]
datetime UserExemptionDate;
//Errors encountered by MBAM agent.
[ SMS_Report (TRUE) ]
UInt32 MBAMMachineError;
// Encoded Computer Name
[ SMS_Report (TRUE) ]
string EncodedComputerName;
};
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL)
[ SMS_Report(TRUE),
SMS_Group_Name("BitLocker Policy"),
SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0"),
SMS_Context_1("__ProviderArchitecture=64|uint32"),
SMS_Context_2("__RequiredArchitecture=true|boolean")]
Class Win32Reg_MBAMPolicy_64: SMS_Class_Template
{
[SMS_Report(TRUE),key]
string KeyName;
//General encryption requirements
[SMS_Report(TRUE)]
UInt32 OsDriveEncryption;
[ SMS_Report (TRUE) ]
UInt32 FixedDataDriveEncryption;
[ SMS_Report (TRUE) ]
UInt32 EncryptionMethod;
//Required protectors properties
[ SMS_Report (TRUE) ]
UInt32 OsDriveProtector;
[ SMS_Report (TRUE) ]
UInt32 FixedDataDriveAutoUnlock;
[ SMS_Report (TRUE) ]
UInt32 FixedDataDrivePassphrase;
//MBAM Agent fields
//Policy not enforced (0), enforced (1), pending user exemption request (2) or exempted user (3)
[SMS_Report(TRUE)]
Uint32 MBAMPolicyEnforced;
[SMS_Report(TRUE)]
string LastConsoleUser;
//Date of the exemption request of the last logged on user,
//or the first date the exemption was granted to him on this machine.
[SMS_Report(TRUE)]
datetime UserExemptionDate;
//Errors encountered by MBAM agent.
[ SMS_Report (TRUE) ]
UInt32 MBAMMachineError;
// Encoded Computer Name
[ SMS_Report (TRUE) ]
string EncodedComputerName;
};
//Read Win32_OperatingSystem.SKU WMI property in a new class - because SKU is not available before Vista.
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
[ SMS_Report (TRUE),
SMS_Group_Name ("Operating System Ex"),
SMS_Class_ID ("MICROSOFT|OPERATING_SYSTEM_EXT|1.0") ]
class CCM_OperatingSystemExtended : SMS_Class_Template
{
[SMS_Report (TRUE), key ]
string Name;
[SMS_Report (TRUE) ]
uint32 SKU;
};
//Read Win32_ComputerSystem.PCSystemType WMI property in a new class - because PCSystemType is not available before Vista.
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
[ SMS_Report (TRUE),
SMS_Group_Name ("Computer System Ex"),
SMS_Class_ID ("MICROSOFT|COMPUTER_SYSTEM_EXT|1.0") ]
class CCM_ComputerSystemExtended : SMS_Class_Template
{
[SMS_Report (TRUE), key ]
string Name;
[SMS_Report (TRUE) ]
uint16 PCSystemType;
};
//=======================================================
// Microsoft BitLocker Administration and Monitoring end
//=======================================================
```
3. Modify the **Win32\_Tpm** class as follows:
- Set **SMS\_REPORT** to **TRUE** in the class attributes.
- Set **SMS\_REPORT** to **TRUE** in the **SpecVersion** property attribute.
## Related topics
[How to Create or Edit the mof Files](how-to-create-or-edit-the-mof-files.md)
[Deploying MBAM with Configuration Manager](deploying-mbam-with-configuration-manager-mbam2.md)
 
 
Reference in New Issue View Git Blame Copy Permalink