Enable the Trusted Platform Module (TPM)

So in my never-ending quest to do obscure stuff, i.e. script BitLocker,
I found that I had to make sure the TPM (Trusted Platform Module)
was:
1. Enabled
2. Activated
3. Owned (this is handled in another script)
Here is the script I came up with to do just that.
'< ----- Start vbScript --------------------------->
' Global error suppression is left disabled so unexpected failures surface.
'On Error Resume Next
Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20
' The (Shutdown) privilege is needed for the Win32Shutdown call in Sub Reboot.
Set oSystemSet = GetObject("winmgmts:{impersonationLevel=impersonate," _
    & "(Shutdown)}").InstancesOf("Win32_OperatingSystem")
arrComputers = Array(".")
For Each strComputer In arrComputers
    WScript.Echo
    WScript.Echo "=========================================="
    WScript.Echo "Computer: " & strComputer
    WScript.Echo "=========================================="
    TPMOn = False
    ' Connect to the TPM provider namespace with packet privacy.
    Set objWMIService = GetObject("WinMgmts:{impersonationLevel=impersonate,AuthenticationLevel=pktprivacy}//" _
        & "." & "\root\CIMV2\Security\MicrosoftTpm")
    Set objItems = objWMIService.InstancesOf("Win32_Tpm")
    For Each objItem In objItems
        ' Each method returns a status code and fills its out parameter (A, B, C).
        rvaluea = objItem.IsEnabled(A)
        rvalueb = objItem.IsActivated(B)
        rvaluec = objItem.IsOwned(C)
        TPMOn = True
        WScript.Echo "TPM Is Enabled: " & A
        WScript.Echo "TPM Is Activated: " & B
        WScript.Echo "TPM Is Owned: " & C
        If A And B And C Then
            WScript.Echo "The TPM Is Enabled, Activated and Owned"
        Else
            ' Trap errors for this call only, so the Err check below can fire.
            On Error Resume Next
            Err.Clear
            ' In the Win32_Tpm documentation, request 14 is Clear + Enable + Activate,
            ' so any existing TPM owner and keys are cleared as well.
            objItem.SetPhysicalPresenceRequest(14)  '<---- see note below
            If Err.Number <> 0 Then
                WScript.Echo "Enabling Trusted Platform Module failed."
            End If
            On Error GoTo 0
            MsgBox "Will Reboot in 10 seconds"
            WScript.Sleep 10000
            Reboot
        End If
    Next
    ' No Win32_Tpm instance was returned at all.
    If (TPMOn = False) Then
        WScript.Echo "Trusted Platform Module may be turned off"
    End If
Next

Sub Reboot
    ' Win32Shutdown 6 = reboot (2) + force (4)
    For Each oSystem In oSystemSet
        oSystem.Win32Shutdown 6
    Next
End Sub
'< ----- end vbScript --------------------------->
I also had to verify that the TPM was SpecVersion 1.2 or else it won’t work with BitLocker.

 

'< ----- Start vbScript --------------------------->
On Error Resume Next

Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20

arrComputers = Array(".")
For Each strComputer In arrComputers
    WScript.Echo
    WScript.Echo "=========================================="
    WScript.Echo "Computer: " & strComputer
    WScript.Echo "=========================================="

    ' Connect to the TPM provider namespace on the local machine.
    Set objWMIService = GetObject("winmgmts:\\.\root\CIMV2\Security\MicrosoftTpm")
    Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_Tpm", "WQL", _
        wbemFlagReturnImmediately + wbemFlagForwardOnly)
    For Each objItem In colItems
        WScript.Echo "SpecVersion: " & objItem.SpecVersion
        SpecVersion = CStr(objItem.SpecVersion)
    Next
    ' Compare as a string so the check does not depend on numeric coercion or locale.
    If Left(SpecVersion, 3) = "1.2" Then
        WScript.Echo "TPM is version 1.2"
    Else
        WScript.Echo "TPM is NOT version 1.2."
        WScript.Quit
    End If

Next
'< ----- end vbScript --------------------------->


2 thoughts on “Enable the Trusted Platform Module (TPM)”

  1. Pingback: Bitlocker and SCCM (Including TPM)

  2. The last script is missing a “Next” line at the very end to close off the line starting with:
    For Each strComputer In arrComputers
