none
computer non compliant with a bitlocker strategy RRS feed

  • Question

  • Hello,

    After deploying a bitlocker strategy on client with SCCM, our client is still non compliant.

    "Get-WMIObject -Class mbam_Volume -NameSpace root\microsoft\mbam).ReasonsForNonCompliance" Returns

    1
    15
    3

    I copied the compliance_report.htm

    -<ConfigurationItemReport AuthoringScope="ScopeId_46190275-2F72-48FF-AFC2-39C4A5E402B7" LogicalName="ConfigurationPolicy_973593b2-b9aa-416f-851f-4f6a8ac65735" Version="2" Type="None" ComputerName="LPF2D5K5P" CIComplianceState="NonCompliant" CIDesiredState="Compliant" CIApplicablityState="Applicable" CISeverity="Warning" CIConfigureState="Configured" TotalConstraintViolations="1" TotalDiscoveryViolations="0" TotalModelViolations="0" TotalSuppressionCount="0" TotalEnforcements="14" TotalConflicts="0" MaxOverallSeverity="Warning">
    -<CIProperties>
     <Name>test</Name>
     <Description/>
     </CIProperties>
    -<ConstraintViolations Count="1" SuppressedCount="0" MaxSeverity="None">
    -<ConstraintViolation Severity="Warning" DiscoveryFailure="False" Suppressed="false" SeverityOverride="false" PreviousSeverity="Warning" AuthoringScope="ScopeId_46190275-2F72-48FF-AFC2-39C4A5E402B7" LogicalName="ConfigurationPolicy_973593b2-b9aa-416f-851f-4f6a8ac65735" Version="2">
     <RuleLogicalName>BitLockerManagementSettings_0_BMSOSDEncryptionPolicy</RuleLogicalName>
     <RuleName>BitLockerManagementSettings_0_BMSOSDEncryptionPolicy</RuleName>
     <Constraint/>
    -<SettingInformation>
    -<InstanceData>
     <Instance RuleExpression="Equals <policy name="BMSOSDEncryptionPolicy" class="Machine" supportedon="SUPPORTED_Windows7" state="Enabled"> <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" valuename="ShouldEncryptOSDrive" type="DWORD" isdeleted="false" value="1" /> <Setting key="SOFTWARE\Policies\Microsoft\FVE" valuename="EnableBDEWithNoTPM" type="DWORD" isdeleted="false" value="0" /> <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" valuename="OSDriveProtector" type="DWORD" isdeleted="false" value="1" /> <Setting key="SOFTWARE\Policies\Microsoft\FVE" valuename="DisallowStandardUserPINReset" type="DWORD" isdeleted="false" value="1" /> <Setting key="SOFTWARE\Policies\Microsoft\FVE" valuename="UsePartialEncryptionKey" type="DWORD" isdeleted="false" value="2" /> <Setting key="SOFTWARE\Policies\Microsoft\FVE" valuename="UsePIN" type="DWORD" isdeleted="false" value="2" /> <Setting key="SOFTWARE\Policies\Microsoft\FVE" valuename="UseAdvancedStartup" type="DWORD" isdeleted="false" value="1" /> <Setting key="SOFTWARE\Policies\Microsoft\FVE" valuename="UseTPM" type="DWORD" isdeleted="false" value="2" /> <Setting key="SOFTWARE\Policies\Microsoft\FVE" valuename="UseTPMKey" type="DWORD" isdeleted="false" value="2" /> <Setting key="SOFTWARE\Policies\Microsoft\FVE" valuename="UseTPMPIN" type="DWORD" isdeleted="false" value="2" /> <Setting key="SOFTWARE\Policies\Microsoft\FVE" valuename="UseTPMKeyPIN" type="DWORD" isdeleted="false" value="2" /> <Setting key="SOFTWARE\Policies\Microsoft\FVE" valuename="MinimumPIN" type="DWORD" isdeleted="false" value="4" /> </policy>" RuleType="Value" InstanceSource="" CurrentValue="0"/>
     </InstanceData>
     <SettingLogicalName>BitLockerManagementSettings_BMSOSDEncryptionPolicy</SettingLogicalName>
     <SettingApplicableAtLogon>false</SettingApplicableAtLogon>
     <SettingConfigurationItem ModelName="GLOBAL/BitLocker_Management_Settings" Version="2"/>
     <SettingName>BitLockerManagementSettings_BMSOSDEncryptionPolicy</SettingName>
     <SettingType>None</SettingType>
     <SettingClassification>1</SettingClassification>
     </SettingInformation>
     </ConstraintViolation>
     </ConstraintViolations>
     <ConflictViolations Count="0" SuppressedCount="0" MaxSeverity="Error"/>
     <Enforcements Count="14"/>
     <CompliantRules Count="13"/>
     <ModelViolations Count="0" SuppressedCount="0" MaxSeverity="None"/>
     <DiscoveryViolations Count="0" SuppressedCount="0" MaxSeverity="None"/>
     </ConfigurationItemReport>

    did someone encounter this problem ?

    Tuesday, April 20, 2021 12:04 PM