MBAM Beta 2.0 & ConfigMgr 2012 SP1: Empty MBAM Supported Computers Collection

I deployed MBAM Beta 2.0 into my lab environment tonight but was struggling to see any compliance information for my MBAM encrypted systems.  The collection which is targeted by the Compliance Baseline was empty – despite the changes made to the configuration.mof and the import of the sms_def.mof classes – and the subsequent fully populated hardware inventory classes with data showing in the resource explorer.  So what gives?

Well, it looks to me like the default collection logic and parentheses might be a little mixed up – resulting in no clients meeting the criteria.  Here’s the default membership rule:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_OPERATING_SYSTEM_EXT on SMS_G_System_OPERATING_SYSTEM_EXT.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_TPM on SMS_G_System_TPM.ResourceID = SMS_R_System.ResourceId where ((SMS_G_System_OPERATING_SYSTEM.Version like "6.1.%" and SMS_G_System_OPERATING_SYSTEM_EXT.SKU in (1,4,27,28,70,71) and SMS_G_System_TPM.SpecVersion >= "1.2") or SMS_G_System_OPERATING_SYSTEM.Version like "6.2.%") and SMS_G_System_COMPUTER_SYSTEM.DomainRole = 1 and SMS_G_System_COMPUTER_SYSTEM.Model not in ("Virtual Machine")

Here’s my modified membership rule that now includes my MBAM clients and non-MBAM clients that have returned HW inventory:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_OPERATING_SYSTEM_EXT on SMS_G_System_OPERATING_SYSTEM_EXT.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_TPM on SMS_G_System_TPM.ResourceID = SMS_R_System.ResourceId where (SMS_G_System_OPERATING_SYSTEM.Version like "6.1.%" or SMS_G_System_OPERATING_SYSTEM.Version like "6.2.%") and SMS_G_System_OPERATING_SYSTEM_EXT.SKU in (1,4,27,28,70,71) and SMS_G_System_COMPUTER_SYSTEM.DomainRole = 1 and SMS_G_System_COMPUTER_SYSTEM.Model not in ("Virtual Machine") and  SMS_G_System_TPM.SpecVersion >= "1.2"

It’s late, maybe I don’t fully understand the default membership rule, but all I know is that my collection now contains the systems it should, and only the systems it should.

Andy

Advertisements

About madluka

4 Responses to MBAM Beta 2.0 & ConfigMgr 2012 SP1: Empty MBAM Supported Computers Collection

  1. Steve Campbell says:

    Thanks! This fixed my problem with computers not showing up in the “MBAM Supported Computers” collection as well as not showing in reporting.
    New problem: the Enterprise Compliance Dashboard report shows that we are in 100 percent compliance, but the Bitlocker Computer Compliance report shows nothing when I enter a computer name. Grrrrr!

  2. Mike Crowley says:

    Nice. The default query doesn’t even make sense to me, as it includes XP…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: