Check to see if the TPM is enabled
Hey Everyone!
I recently worked on a project where we were enabling the TPM chip prior to enabling BitLocker through the task sequence. One thing that we wanted to do was to check whether the TPM was already enabled and activated before running the BIOS configuration tool to enable the TPM. The built-in MDT script (ztibde.wsf) does this check; however, it will fail the script, generate an error and exit the task sequence if the TPM is not already enabled, so I decided to modify that script slightly and use the new script to set two variables, TPMEnabled and TPMActivated, which I could then use as conditions on other steps in the task sequence.
The script below should be named ztiCheckforTPM.wsf and placed in the scripts directory on the deployment share. Just place this script in the task sequence prior to your steps to enable the TPM chip, and set a condition that checks for the task sequence variables TPMEnabled = FALSE and TPMActivated = FALSE on the steps that enable the TPM in the BIOS. I plan on posting the steps to enable the TPM for different manufacturer types later, but there are some great articles already out there today. Check out this article for Dell machines.
Enjoy and I hope everyone has a great holiday break!
<job id="ZTIBde">
<script language="VBScript" src="ZTIUtility.vbs"/>
<script language="VBScript">
' // ***************************************************************************
' //
' // Copyright (c) Microsoft Corporation. All rights reserved.
' //
' // Microsoft Deployment Toolkit Solution Accelerator
' //
' // File: ZTICheckforTPM.wsf
' //
' // Version: 5.1.1642.01
' //
' // Purpose: Check to see if TPM is enabled and activated
' //
' // Usage: cscript ZTICheckforTPM.wsf [/debug:true]
' //
' // ***************************************************************************
Option Explicit
' RunNewInstance comes from ZTIUtility.vbs (included by the <script src> element
' above); it creates an instance of this script's class and runs its Main.
' NOTE(review): MDT appears to locate that class by the script's base name, which
' is why the file and the class below must both be named ZTICheckforTPM - confirm
' against ZTIUtility.vbs before renaming either.
RunNewInstance
'//----------------------------------------------------------------------------
'//
'// Global constants
'//
'//----------------------------------------------------------------------------
'//----------------------------------------------------------------------------
'// Main Class
'//----------------------------------------------------------------------------
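Class ZTICheckforTPM
    '//----------------------------------------------------------------------------
    '// Class instance variable declarations
    '//----------------------------------------------------------------------------
    '// oTpm is the single Win32_Tpm instance obtained by GetTpmInstance.
    '// oBde / oBdeVol are kept for parity with ZTIBde.wsf; this script never
    '// touches them.
    Public oTpm, oBde, oBdeVol
    '// Out-parameters filled by Win32_Tpm.IsEnabled / IsActivated. bTpmOwned is
    '// declared for parity with ZTIBde.wsf but is never populated here: this
    '// script reports enabled/activated state only, not ownership.
    Public bTpmActivated, bTpmOwned, bTpmEnabled

    '//----------------------------------------------------------------------------
    '// Constructor - nothing to initialize; ZTIUtility.vbs supplies oEnvironment,
    '// oLogging, TestAndFail and the Success/Failure constants used below.
    '//----------------------------------------------------------------------------
    Private Sub Class_Initialize
    End Sub

    '//----------------------------------------------------------------------------
    '// Main routine
    '//
    '// Sets the task sequence variables TPMEnabled and TPMActivated to "TRUE" or
    '// "FALSE" and always returns Success, so the task sequence can branch on the
    '// variables instead of aborting when the TPM still needs to be enabled.
    '// The only hard failure left is an unreachable TPM WMI provider (see
    '// GetTpmInstance), which TestAndFail turns into a script abort.
    '//----------------------------------------------------------------------------
    Function Main
        Dim iRetVal

        '// Leftover locals from ZTIBde.wsf (drive letters, encryption progress,
        '// etc.) were removed: Main only needs the validation result.
        iRetVal = TpmValidate()
        If iRetVal = Failure Then
            oLogging.CreateEntry "TPM validation did not complete; the TPM enable steps should run. TPMEnabled=" & oEnvironment.Item("TPMEnabled") & " TPMActivated=" & oEnvironment.Item("TPMActivated"), LogTypeInfo
        End If

        wscript.echo oEnvironment.Item("TPMEnabled")
        wscript.echo oEnvironment.Item("TPMActivated")

        Main = Success
    End Function
    '//
    '// END MAIN
    '//

    '// TPM Management Functions

    '// Connects to the MicrosoftTpm WMI namespace and stores the single
    '// Win32_Tpm instance in oTpm.
    '// Returns Success when oTpm is set, Failure when no TPM instance exists or
    '// enumeration fails. A provider connection failure is handed to TestAndFail
    '// (error 6732), which aborts the script - that case is not recoverable.
    Function GetTpmInstance()
        Dim sConnection
        Dim oTpmWmi, colTpm

        On Error Resume Next

        '// Win32_Tpm requires packet-privacy authentication on the WMI connection.
        sConnection = "winmgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy}!root\cimv2\Security\MicrosoftTpm"
        Set oTpmWmi = GetObject(sConnection)
        TestAndFail SUCCESS, 6732, "Failed to Connect to MicrosoftTPM provider"

        '// There should either be 0 or 1 instance of the TPM provider class.
        Set colTpm = oTpmWmi.InstancesOf("Win32_Tpm")
        If Err.Number <> 0 Then
            oLogging.CreateEntry "Failed to enumerate Win32_Tpm instances: " & Err.Description, LogTypeInfo
            Err.Clear
            GetTpmInstance = Failure
            Exit Function
        End If
        If colTpm.Count = 0 Then
            oLogging.CreateEntry "Failed find a TPM instance in the provider class.", LogTypeInfo
            GetTpmInstance = Failure
            Exit Function
        End If

        Err.Clear
        'Get a single instance of the TPM provider class
        Set oTpm = oTpmWmi.Get("Win32_Tpm=@")
        TestAndFail SUCCESS, 6733, "Get a TPM instance in the provider class"

        '// The original never assigned a return value here, so callers compared
        '// Empty against Failure and only passed by accident.
        GetTpmInstance = Success
    End Function

    '// Drives the three checks in order (instance, enabled, activated) and stops
    '// at the first one that fails. Both task sequence variables start out as
    '// "FALSE" so an early exit leaves them in the state that makes the BIOS
    '// enable steps run; each Get* function flips its own variable to "TRUE"
    '// only after a positive result.
    '// Returns Success only when the TPM is present, enabled and activated.
    Function TpmValidate()
        oEnvironment.Item("TPMEnabled") = "FALSE"
        oEnvironment.Item("TPMActivated") = "FALSE"

        '// Set oTpm to a valid instance
        If GetTpmInstance() = Failure Then
            TpmValidate = Failure
            Exit Function
        End If

        '// Set global booleans for TPM state. Error bubble handled by subs
        If GetTpmEnabled() = Failure Then
            TpmValidate = Failure
            Exit Function
        End If

        If GetTpmActivated() = Failure Then
            TpmValidate = Failure
            Exit Function
        End If

        TpmValidate = Success
    End Function

    '// Queries Win32_Tpm.IsEnabled and sets TPMEnabled accordingly.
    '// IsEnabled returns a status code (0 = the query itself succeeded) and
    '// reports the actual TPM state through the ByRef argument; the original
    '// script only checked the status code and so reported "TRUE" for a
    '// disabled TPM whenever the query succeeded.
    '// Returns Failure when the query errors, returns a non-zero status, or
    '// reports the TPM as disabled; Success otherwise.
    Function GetTpmEnabled()
        Dim iRetVal

        oEnvironment.Item("TPMEnabled") = "FALSE"
        bTpmEnabled = False

        On Error Resume Next
        iRetVal = oTpm.IsEnabled(bTpmEnabled)
        If Err.Number <> 0 Then
            oLogging.CreateEntry "Win32_Tpm.IsEnabled failed: " & Err.Description, LogTypeInfo
            Err.Clear
            GetTpmEnabled = Failure
            Exit Function
        End If
        On Error GoTo 0

        If iRetVal <> Success Then
            oLogging.CreateEntry "Win32_Tpm.IsEnabled returned status " & iRetVal, LogTypeInfo
            GetTpmEnabled = Failure
            Exit Function
        End If

        '// CBool(Empty) is False, so an unfilled out-parameter counts as disabled.
        If Not CBool(bTpmEnabled) Then
            oLogging.CreateEntry "TPM is not currently enabled", LogTypeInfo
            GetTpmEnabled = Failure
            Exit Function
        End If

        oEnvironment.Item("TPMEnabled") = "TRUE"
        oLogging.CreateEntry "Success TPM Enabled", LogTypeInfo
        GetTpmEnabled = Success
    End Function

    '// Queries Win32_Tpm.IsActivated and sets TPMActivated accordingly.
    '// Same contract as GetTpmEnabled: the status code says whether the query
    '// worked, the ByRef argument carries the real activation state, and both
    '// must be good before the variable becomes "TRUE".
    Function GetTpmActivated()
        Dim iRetVal

        oEnvironment.Item("TPMActivated") = "FALSE"
        bTpmActivated = False

        On Error Resume Next
        iRetVal = oTpm.IsActivated(bTpmActivated)
        If Err.Number <> 0 Then
            oLogging.CreateEntry "Win32_Tpm.IsActivated failed: " & Err.Description, LogTypeInfo
            Err.Clear
            GetTpmActivated = Failure
            Exit Function
        End If
        On Error GoTo 0

        If iRetVal <> Success Then
            oLogging.CreateEntry "Win32_Tpm.IsActivated returned status " & iRetVal, LogTypeInfo
            GetTpmActivated = Failure
            Exit Function
        End If

        If Not CBool(bTpmActivated) Then
            oLogging.CreateEntry "TPM is not currently Activated", LogTypeInfo
            GetTpmActivated = Failure
            Exit Function
        End If

        oEnvironment.Item("TPMActivated") = "TRUE"
        oLogging.CreateEntry "Success TPM Is Activated", LogTypeInfo
        GetTpmActivated = Success
    End Function
End Class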
</script>
</job>
This post was contributed by Tim Mintner, a Senior Consultant with Microsoft Services - U.S.
Disclaimer: The information on this site is provided "AS IS" with no warranties, confers no rights, and is not supported by the authors or Microsoft Corporation. Use of included script samples are subject to the terms specified in the Terms of Use .