IoanPopovici
9/26/2019 - 12:34 PM

HWI DEF Win32Reg_BitlockerPolicy

SCCM HWI Extension definitions for BitLocker Policy

//——————————————— // BitLocker Policy Definitions //———————————————

// Set default Namespace and delete the Win32Reg_BitLockerPolicy if it already exists
//#PRAGMA Namespace     ("\\\\.\\Root\\CIMv2\\SMS")
//#PRAGMA DeleteClass   ("Win32Reg_BitLockerPolicy", NOFAIL)

//-- Create WMI class
//-  Class Qualifiers
[
    Description     ("The Win32Reg_BitLockerPolicy class contains information about the BitLocker Policy. You can use this information for BitLocker reporting."): ToInstance,
    SMS_Report      (TRUE),
    SMS_Group_Name  ("BitLocker Policy"),
    SMS_Class_ID    ("CUSTOM|BITLOCKER_POLICY|1.0"),
    SMS_Context_1   ("__ProviderArchitecture=32|Uint32"),
    SMS_Context_2   ("__RequiredArchitecture=true|Boolean")
]
//-  Class properties
Class Win32Reg_BitLockerPolicy
{
    [ SMS_Report (TRUE), KEY ]
    String    KeyName;

 //-  BitLocker General properties
    [ SMS_Report (TRUE) ]
    Uint32    ActiveDirectoryBackup;
    [ SMS_Report (TRUE) ]
    Uint32    ActiveDirectoryInfoToStore;
    [ SMS_Report (TRUE) ]
    String    CertificateOID;
    [ SMS_Report (TRUE) ]
    String    DefaultRecoveryFolderPath;
    [ SMS_Report (TRUE) ]
    Uint32    DisableExternalDMAUnderLock;
    [ SMS_Report (TRUE) ]
    Uint32    DisallowStandardUserPINReset;
    [ SMS_Report (TRUE) ]
    Uint32    EnableBDEWithNoTPM;
    [ SMS_Report (TRUE) ]
    Uint32    EnableNonTPM;
    [ SMS_Report (TRUE) ]
    Uint32    EncryptionMethod;
    [ SMS_Report (TRUE) ]
    Uint32    EncryptionMethodNoDiffuser;
    [ SMS_Report (TRUE) ]
    Uint32    EncryptionMethodWithXtsFdv;
    [ SMS_Report (TRUE) ]
    Uint32    EncryptionMethodWithXtsOs;
    [ SMS_Report (TRUE) ]
    Uint32    EncryptionMethodWithXtsRdv;
    [ SMS_Report (TRUE) ]
    Uint32    IdentificationField;
    [ SMS_Report (TRUE) ]
    String    IdentificationFieldString;
    [ SMS_Report (TRUE) ]
    Uint32    MinimumPIN;
    [ SMS_Report (TRUE) ]
    Uint32    MorBehavior;
    [ SMS_Report (TRUE) ]
    String    RecoveryKeyMessage;
    [ SMS_Report (TRUE) ]
    Uint32    RecoveryKeyMessageSource;
    [ SMS_Report (TRUE) ]
    String    RecoveryKeyUrl;
    [ SMS_Report (TRUE) ]
    Uint32    RequireActiveDirectoryBackup;
    [ SMS_Report (TRUE) ]
    String    SecondaryIdentificationField;
    [ SMS_Report (TRUE) ]
    Uint32    TPMAutoReseal;
    [ SMS_Report (TRUE) ]
    Uint32    UseAdvancedStartup;
    [ SMS_Report (TRUE) ]
    Uint32    UseEnhancedPin;
    [ SMS_Report (TRUE) ]
    Uint32    UsePartialEncryptionKey;
    [ SMS_Report (TRUE) ]
    Uint32    UsePIN;
    [ SMS_Report (TRUE) ]
    Uint32    UseRecoveryDrive;
    [ SMS_Report (TRUE) ]
    Uint32    UseRecoveryPassword;
    [ SMS_Report (TRUE) ]
    Uint32    UseTPM;
    [ SMS_Report (TRUE) ]
    Uint32    UseTPMKey;
    [ SMS_Report (TRUE) ]
    Uint32    UseTPMKeyPIN;
    [ SMS_Report (TRUE) ]
    Uint32    UseTPMPIN;

//-  BitLocker OS Drives properties
    [ SMS_Report (TRUE) ]
    Uint32    OSActiveDirectoryBackup;
    [ SMS_Report (TRUE) ]
    Uint32    OSActiveDirectoryInfoToStore;
    [ SMS_Report (TRUE) ]
    String    OSAllowedHardwareEncryptionAlgorithms;
    [ SMS_Report (TRUE) ]
    Uint32    OSAllowSecureBootForIntegrity;
    [ SMS_Report (TRUE) ]
    Uint32    OSAllowSoftwareEncryptionFailover;
    [ SMS_Report (TRUE) ]
    String    OSBcdAdditionalExcludedSettings;
    [ SMS_Report (TRUE) ]
    String    OSBcdAdditionalSecurityCriticalSettings;
    [ SMS_Report (TRUE) ]
    Uint32    OSEnablePrebootInputProtectorsOnSlates;
    [ SMS_Report (TRUE) ]
    Uint32    OSEnablePreBootPinExceptionOnDECapableDevice;
    [ SMS_Report (TRUE) ]
    Uint32    OSEncryptionType;
    [ SMS_Report (TRUE) ]
    Uint32    OSHardwareEncryption;
    [ SMS_Report (TRUE) ]
    Uint32    OSHideRecoveryPage;
    [ SMS_Report (TRUE) ]
    Uint32    OSManageDRA;
    [ SMS_Report (TRUE) ]
    Uint32    OSManageNKP;
    [ SMS_Report (TRUE) ]
    Uint32    OSPassphrase;
    [ SMS_Report (TRUE) ]
    Uint32    OSPassphraseASCIIOnly;
    [ SMS_Report (TRUE) ]
    Uint32    OSPassphraseComplexity;
    [ SMS_Report (TRUE) ]
    Uint32    OSPassphraseLength;
    [ SMS_Report (TRUE) ]
    Uint32    OSRecovery;
    [ SMS_Report (TRUE) ]
    Uint32    OSRecoveryKey;
    [ SMS_Report (TRUE) ]
    Uint32    OSRecoveryPassword;
    [ SMS_Report (TRUE) ]
    Uint32    OSRequireActiveDirectoryBackup;
    [ SMS_Report (TRUE) ]
    Uint32    OSRestrictHardwareEncryptionAlgorithms;
    [ SMS_Report (TRUE) ]
    Uint32    OSUseEnhancedBcdProfile;

//-  BitLocker Fixed Data Drives properties
    [ SMS_Report (TRUE) ]
    Uint32   FDVActiveDirectoryBackup;
    [ SMS_Report (TRUE) ]
    Uint32   FDVActiveDirectoryInfoToStore;
    [ SMS_Report (TRUE) ]
    String   FDVAllowedHardwareEncryptionAlgorithms;
    [ SMS_Report (TRUE) ]
    Uint32   FDVAllowSoftwareEncryptionFailover;
    [ SMS_Report (TRUE) ]
    Uint32   FDVAllowUserCert;
    [ SMS_Report (TRUE) ]
    String   FDVDiscoveryVolumeType;
    [ SMS_Report (TRUE) ]
    Uint32   FDVEncryptionType;
    [ SMS_Report (TRUE) ]
    Uint32   FDVEnforcePassphrase;
    [ SMS_Report (TRUE) ]
    Uint32   FDVEnforceUserCert;
    [ SMS_Report (TRUE) ]
    Uint32   FDVHardwareEncryption;
    [ SMS_Report (TRUE) ]
    Uint32   FDVHideRecoveryPage;
    [ SMS_Report (TRUE) ]
    Uint32   FDVManageDRA;
    [ SMS_Report (TRUE) ]
    Uint32   FDVNoBitLockerToGoReader;
    [ SMS_Report (TRUE) ]
    Uint32   FDVPassphrase;
    [ SMS_Report (TRUE) ]
    Uint32   FDVPassphraseComplexity;
    [ SMS_Report (TRUE) ]
    Uint32   FDVPassphraseLength;
    [ SMS_Report (TRUE) ]
    Uint32   FDVRecovery;
    [ SMS_Report (TRUE) ]
    Uint32   FDVRecoveryKey;
    [ SMS_Report (TRUE) ]
    Uint32   FDVRecoveryPassword;
    [ SMS_Report (TRUE) ]
    Uint32   FDVRequireActiveDirectoryBackup;
    [ SMS_Report (TRUE) ]
    Uint32   FDVRestrictHardwareEncryptionAlgorithms;

//-  BitLocker Removable Data Drives properties
    [ SMS_Report (TRUE) ]
    Uint32   RDVActiveDirectoryBackup;
    [ SMS_Report (TRUE) ]
    Uint32   RDVActiveDirectoryInfoToStore;
    [ SMS_Report (TRUE) ]
    Uint32   RDVAllowBDE;
    [ SMS_Report (TRUE) ]
    String   RDVAllowedHardwareEncryptionAlgorithms;
    [ SMS_Report (TRUE) ]
    Uint32   RDVAllowSoftwareEncryptionFailover;
    [ SMS_Report (TRUE) ]
    Uint32   RDVAllowUserCert;
    [ SMS_Report (TRUE) ]
    Uint32   RDVConfigureBDE;
    [ SMS_Report (TRUE) ]
    Uint32   RDVDenyCrossOrg;
    [ SMS_Report (TRUE) ]
    Uint32   RDVDisableBDE;
    [ SMS_Report (TRUE) ]
    String   RDVDiscoveryVolumeType;
    [ SMS_Report (TRUE) ]
    Uint32   RDVEncryptionType;
    [ SMS_Report (TRUE) ]
    Uint32   RDVEnforcePassphrase;
    [ SMS_Report (TRUE) ]
    Uint32   RDVEnforceUserCert;
    [ SMS_Report (TRUE) ]
    Uint32   RDVHardwareEncryption;
    [ SMS_Report (TRUE) ]
    Uint32   RDVHideRecoveryPage;
    [ SMS_Report (TRUE) ]
    Uint32   RDVManageDRA;
    [ SMS_Report (TRUE) ]
    Uint32   RDVNoBitLockerToGoReader;
    [ SMS_Report (TRUE) ]
    Uint32   RDVPassphrase;
    [ SMS_Report (TRUE) ]
    Uint32   RDVPassphraseComplexity;
    [ SMS_Report (TRUE) ]
    Uint32   RDVPassphraseLength;
    [ SMS_Report (TRUE) ]
    Uint32   RDVRecovery;
    [ SMS_Report (TRUE) ]
    Uint32   RDVRecoveryKey;
    [ SMS_Report (TRUE) ]
    Uint32   RDVRecoveryPassword;
    [ SMS_Report (TRUE) ]
    Uint32   RDVRequireActiveDirectoryBackup;
    [ SMS_Report (TRUE) ]
    Uint32   RDVRestrictHardwareEncryptionAlgorithms;
};