Tuesday, 15 February 2011

A simple check to see if the TPM is enabled

The Deployment Guys have an interesting post on how to check if the TPM chip is enabled and activated as part of a task sequence (see here).

When we deployed Windows 7 we ran into the same problem. Our solution was a bit simpler!

Connecting to root\cimv2\Security\MicrosoftTPM and executing

select * from win32_tpm

will only return a value if the TPM is enabled. This can be added as a condition in your Task Sequence so that your Bitlocker steps only run if the TPM is on.



A note of caution though - this query does not check whether the TPM is activated. It only checks that the TPM is enabled.

1 comment:

Ogeccut said...

By default TPM is enabled on Lenovo from the factory. Is there any way to check for TPMActive? I tried deploymentguys script, but it reports TPMActive=TRUE regardless if its TRUE or FALSE “as per Lenovo script” And will not step in to the Task is TPM is not active.
Thanks.