Hello,
After deploying a BitLocker policy to a client with SCCM, the client is still reported as non-compliant.
"(Get-WMIObject -Class mbam_Volume -NameSpace root\microsoft\mbam).ReasonsForNonCompliance" returns:
1
15
3
I copied the contents of compliance_report.htm below:
-<ConfigurationItemReport AuthoringScope="ScopeId_46190275-2F72-48FF-AFC2-39C4A5E402B7" LogicalName="ConfigurationPolicy_973593b2-b9aa-416f-851f-4f6a8ac65735" Version="2" Type="None" ComputerName="LPF2D5K5P" CIComplianceState="NonCompliant" CIDesiredState="Compliant" CIApplicablityState="Applicable" CISeverity="Warning" CIConfigureState="Configured" TotalConstraintViolations="1" TotalDiscoveryViolations="0" TotalModelViolations="0" TotalSuppressionCount="0" TotalEnforcements="14" TotalConflicts="0" MaxOverallSeverity="Warning">
-<CIProperties>
<Name>test</Name>
<Description/>
</CIProperties>
-<ConstraintViolations Count="1" SuppressedCount="0" MaxSeverity="None">
-<ConstraintViolation Severity="Warning" DiscoveryFailure="False" Suppressed="false" SeverityOverride="false" PreviousSeverity="Warning" AuthoringScope="ScopeId_46190275-2F72-48FF-AFC2-39C4A5E402B7" LogicalName="ConfigurationPolicy_973593b2-b9aa-416f-851f-4f6a8ac65735" Version="2">
<RuleLogicalName>BitLockerManagementSettings_0_BMSOSDEncryptionPolicy</RuleLogicalName>
<RuleName>BitLockerManagementSettings_0_BMSOSDEncryptionPolicy</RuleName>
<Constraint/>
-<SettingInformation>
-<InstanceData>
<Instance RuleExpression="Equals <policy name="BMSOSDEncryptionPolicy" class="Machine" supportedon="SUPPORTED_Windows7" state="Enabled"> <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" valuename="ShouldEncryptOSDrive" type="DWORD" isdeleted="false" value="1" /> <Setting key="SOFTWARE\Policies\Microsoft\FVE" valuename="EnableBDEWithNoTPM" type="DWORD" isdeleted="false" value="0" /> <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" valuename="OSDriveProtector" type="DWORD" isdeleted="false" value="1" /> <Setting key="SOFTWARE\Policies\Microsoft\FVE" valuename="DisallowStandardUserPINReset" type="DWORD" isdeleted="false" value="1" /> <Setting key="SOFTWARE\Policies\Microsoft\FVE" valuename="UsePartialEncryptionKey" type="DWORD" isdeleted="false" value="2" /> <Setting key="SOFTWARE\Policies\Microsoft\FVE" valuename="UsePIN" type="DWORD" isdeleted="false" value="2" /> <Setting key="SOFTWARE\Policies\Microsoft\FVE" valuename="UseAdvancedStartup" type="DWORD" isdeleted="false" value="1" /> <Setting key="SOFTWARE\Policies\Microsoft\FVE" valuename="UseTPM" type="DWORD" isdeleted="false" value="2" /> <Setting key="SOFTWARE\Policies\Microsoft\FVE" valuename="UseTPMKey" type="DWORD" isdeleted="false" value="2" /> <Setting key="SOFTWARE\Policies\Microsoft\FVE" valuename="UseTPMPIN" type="DWORD" isdeleted="false" value="2" /> <Setting key="SOFTWARE\Policies\Microsoft\FVE" valuename="UseTPMKeyPIN" type="DWORD" isdeleted="false" value="2" /> <Setting key="SOFTWARE\Policies\Microsoft\FVE" valuename="MinimumPIN" type="DWORD" isdeleted="false" value="4" /> </policy>" RuleType="Value" InstanceSource="" CurrentValue="0"/>
</InstanceData>
<SettingLogicalName>BitLockerManagementSettings_BMSOSDEncryptionPolicy</SettingLogicalName>
<SettingApplicableAtLogon>false</SettingApplicableAtLogon>
<SettingConfigurationItem ModelName="GLOBAL/BitLocker_Management_Settings" Version="2"/>
<SettingName>BitLockerManagementSettings_BMSOSDEncryptionPolicy</SettingName>
<SettingType>None</SettingType>
<SettingClassification>1</SettingClassification>
</SettingInformation>
</ConstraintViolation>
</ConstraintViolations>
<ConflictViolations Count="0" SuppressedCount="0" MaxSeverity="Error"/>
<Enforcements Count="14"/>
<CompliantRules Count="13"/>
<ModelViolations Count="0" SuppressedCount="0" MaxSeverity="None"/>
<DiscoveryViolations Count="0" SuppressedCount="0" MaxSeverity="None"/>
</ConfigurationItemReport>
Has anyone encountered this problem?