Configurations Profiles

160

Configuration Profiles allow you to set BitLocker settings on the client, such as whether to encrypt operating system disks and which key protectors to enable for fixed data drives.

8

9

Two sample default configuration profiles (Clients and Servers) are provided and can be applied in a variety of ways.

10

11

12

(% style="text-align:center" %)

13

[[image:64_BitLocker Management_Konfigurationsprofile.png]]

14

15

16

Übersicht der Konfigurationsprofile im BitLocker Management

In general, configuration profiles can be organised and managed using directories. Each action (adding, editing, deleting and duplicating configuration profiles) requires the appropriate permissions, which can be assigned using the [[User Management>>doc:ACMP.64.ACMP-Solutions.System.Benutzerverwaltung.WebHome||anchor="HGruppenverwalten"]].

21

22

The configuration profiles are divided into three parts and are defined by Microsoft under the following headings: [[Operating System Drives>>doc:ACMP.64.ACMP-Solutions.Security.BitLocker Management.Konfigurationsprofile.Konfigurationsprofil-Einstellungen.WebHome||anchor="HBetriebssystemlaufwerke"]], [[Fixed Data Drives>>doc:ACMP.64.ACMP-Solutions.Security.BitLocker Management.Konfigurationsprofile.Konfigurationsprofil-Einstellungen.WebHome||anchor="HFestplattenlaufwerke"]] and [[Removable Data Drives>>doc:ACMP.64.ACMP-Solutions.Security.BitLocker Management.Konfigurationsprofile.Konfigurationsprofil-Einstellungen.WebHome||anchor="HWechseldatentrE4ger"]].

23

24

= Working with Configuration Profiles =

25

26

== Assigning Configuration Profiles to Clients ==

27

28

Sie können über zwei Wege Ihren Clients ein Konfigurationsprofil zuweisen:

29

30

There are two ways of assigning Configuration Profiles to your Clients:

31

32

**1.By explicit assignment**

33

This assignement is done via a query. To do this, select a required Client, navigate to BitLocker Management in the Query action bar, and click //Assign Configuration Profile//. This will open a dialogue box where you can select the required configuration profile. Within the default configuration, you can overwrite the configuration assignment with a container. If this is not desired you can uncheck this option. Continue the association by clicking on //Execute//. You can view the status of the mapping in the Job Monitor.

34

35

**2. Via an automatic container association**

36

In the Container plug-in, select a container or create a new one, and then switch to the //BitLocker Management// tab. Then click either //Assign// in the ribbon bar or //Click in the workspace to assign a configuration profile//. Any Client assigned to a Container with a Configuration Profile assignment will automatically receive the Configuration Profile.

37

38

39

Note that only one Configuration Profile can be assigned to each Client! If a Client is assigned to more than one Container, the Client will receive the Configuration Profile from the Container with the highest priority. If you are also using Multi-Tenancy, the Global Containers are assigned above the Client Containers.

40

41

42

If you want to remove the assignment or make changes to the Configuration Profile, you can also do this from the ribbon bar.

43

44

45

If a Managed Client is skipped when manually assigning the profile, the minimum requirement will not be met. Please note the [[requirements>>doc:64.ACMP-Solutions.Security.BitLocker Management.WebHome||anchor="HSystemvoraussetzungenfFCrBitLocker"]] for BitLocker management on the clients.

46

47

48

== **Container behaviour** ==

49

50

You can see which containers have been assigned a configuration profile by looking at the BitLocker icon. To do this, navigate to the //Container// plug-in (//Client Management// > //Containers//), where all existing containers are listed. A BitLocker icon will appear in the //Properties// column if a configuration profile has been assigned to that container.

51

52

The BitLocker icon appears in two colours:

53

54

1. As a blue icon: The container is directly associated with a configuration profile.

55

1. As a grey icon: The container has an inherited association. This means that all child containers inherit the configuration profile of the parent container.

56

57

You can undo the inheritance at any time by clicking on //Cancel// in the ribbon bar. If you want to undo the action, click //Restore//.

author	version	line-number	content
		1	{{aagon.priorisierung}}
		2	160
		3	{{/aagon.priorisierung}}
		4
		5	{{aagon.floatingbox/}}
		6
		7	Configuration Profiles allow you to set BitLocker settings on the client, such as whether to encrypt operating system disks and which key protectors to enable for fixed data drives.
		8
		9	Two sample default configuration profiles (Clients and Servers) are provided and can be applied in a variety of ways.
		10
		11	{{figure}}
		12	(% style="text-align:center" %)
		13	[[image:64_BitLocker Management_Konfigurationsprofile.png]]
		14
		15	{{figureCaption}}
		16	Übersicht der Konfigurationsprofile im BitLocker Management
		17	{{/figureCaption}}
		18	{{/figure}}
		19
		20	In general, configuration profiles can be organised and managed using directories. Each action (adding, editing, deleting and duplicating configuration profiles) requires the appropriate permissions, which can be assigned using the [[User Management>>doc:ACMP.64.ACMP-Solutions.System.Benutzerverwaltung.WebHome\|\|anchor="HGruppenverwalten"]].
		21
		22	The configuration profiles are divided into three parts and are defined by Microsoft under the following headings: [[Operating System Drives>>doc:ACMP.64.ACMP-Solutions.Security.BitLocker Management.Konfigurationsprofile.Konfigurationsprofil-Einstellungen.WebHome\|\|anchor="HBetriebssystemlaufwerke"]], [[Fixed Data Drives>>doc:ACMP.64.ACMP-Solutions.Security.BitLocker Management.Konfigurationsprofile.Konfigurationsprofil-Einstellungen.WebHome\|\|anchor="HFestplattenlaufwerke"]] and [[Removable Data Drives>>doc:ACMP.64.ACMP-Solutions.Security.BitLocker Management.Konfigurationsprofile.Konfigurationsprofil-Einstellungen.WebHome\|\|anchor="HWechseldatentrE4ger"]].
		23
		24	= Working with Configuration Profiles =
		25
		26	== Assigning Configuration Profiles to Clients ==
		27
		28	Sie können über zwei Wege Ihren Clients ein Konfigurationsprofil zuweisen:
		29
		30	There are two ways of assigning Configuration Profiles to your Clients:
		31
		32	1.By explicit assignment
		33	This assignement is done via a query. To do this, select a required Client, navigate to BitLocker Management in the Query action bar, and click //Assign Configuration Profile//. This will open a dialogue box where you can select the required configuration profile. Within the default configuration, you can overwrite the configuration assignment with a container. If this is not desired you can uncheck this option. Continue the association by clicking on //Execute//. You can view the status of the mapping in the Job Monitor.
		34
		35	2. Via an automatic container association
		36	In the Container plug-in, select a container or create a new one, and then switch to the //BitLocker Management// tab. Then click either //Assign// in the ribbon bar or //Click in the workspace to assign a configuration profile//. Any Client assigned to a Container with a Configuration Profile assignment will automatically receive the Configuration Profile.
		37
		38	{{aagon.infobox}}
		39	Note that only one Configuration Profile can be assigned to each Client! If a Client is assigned to more than one Container, the Client will receive the Configuration Profile from the Container with the highest priority. If you are also using Multi-Tenancy, the Global Containers are assigned above the Client Containers.
		40	{{/aagon.infobox}}
		41
		42	If you want to remove the assignment or make changes to the Configuration Profile, you can also do this from the ribbon bar.
		43
		44	{{aagon.infobox}}
		45	If a Managed Client is skipped when manually assigning the profile, the minimum requirement will not be met. Please note the [[requirements>>doc:64.ACMP-Solutions.Security.BitLocker Management.WebHome\|\|anchor="HSystemvoraussetzungenfFCrBitLocker"]] for BitLocker management on the clients.
		46	{{/aagon.infobox}}
		47
		48	== Container behaviour ==
		49
		50	You can see which containers have been assigned a configuration profile by looking at the BitLocker icon. To do this, navigate to the //Container// plug-in (//Client Management// > //Containers//), where all existing containers are listed. A BitLocker icon will appear in the //Properties// column if a configuration profile has been assigned to that container.
		51
		52	The BitLocker icon appears in two colours:
		53
		54	1. As a blue icon: The container is directly associated with a configuration profile.
		55	1. As a grey icon: The container has an inherited association. This means that all child containers inherit the configuration profile of the parent container.
		56
		57	You can undo the inheritance at any time by clicking on //Cancel// in the ribbon bar. If you want to undo the action, click //Restore//.

Wiki source code of Konfigurationsprofile