How can I Identify the Status of the TPM Chip on the Computers in my Environment

Article ID: 221244

Products

Client Management Suite, Inventory Solution, IT Management Suite

Issue/Introduction

We need to know whether the TPM chip on our computers is enabled. How can we use custom inventory to report whether the TPM chip on each computer is enabled or disabled?

Environment

Release: ITMS 8.x

Component: Inventory Solution 8.x

Cause

N/A

Resolution

You can accomplish this using a custom inventory script to retrieve the status of the TPM chip.  The following steps will walk you through creating a custom data class to store the information and the script to gather the data.

Create a new custom Data Class that will store the TPM chip status.  The following screenshot illustrates this process:

Once created, highlight the new data class in the left-hand menu, and click on the finger pointer icon as shown in the following screenshot:

As shown in the screenshot above, copy the GUID to Notepad. This GUID will be pasted into the PowerShell script below, where indicated by YourCustomDataClassGUIDHere.

Create a new client script task, choosing the Run Script option. Paste in the PowerShell script below, replacing YourCustomDataClassGUIDHere with the GUID you copied earlier.

# Query the TPM; TpmEnabled is $true when the chip is enabled
$testif = (Get-Tpm).TpmEnabled

#Do not change this section.  It is always static.#########
$nse = New-Object -ComObject Altiris.AeXNSEvent           #
$nse.To = "{1592B913-72F3-4C36-91D2-D4EDA21D2F96}"        #
$nse.Priority = 1                                         #
###########################################################

# Modify this variable with the custom data class GUID
$strDataClassGuid = "{YourCustomDataClassGUIDHere}"

$objDCInstance = $nse.AddDataClass($strDataClassGuid)
$objDataclass = $nse.AddDataBlock($objDCInstance)

# Write one row; the first column (index 0) holds the status text
if ($testif -eq $true)
{
    $objDataRow = $objDataclass.AddRow()
    $objDataRow.SetField(0, 'TPM Enabled')
}
else
{
    $objDataRow = $objDataclass.AddRow()
    $objDataRow.SetField(0, 'TPM Not Enabled')
}

# Queue the inventory event for sending
$nse.SendQueued()

You can now run this task against your remote computers to get back the status of the TPM chip. The following SQL query, which assumes you named your custom data class TPM Status, may help you build a report:

select vc.Guid as _ItemGuid, vc.Name as [Computer Name], vc.[OS Name], vc.[IP Address], tpm.[TPM Status]
from Inv_TPM_Status tpm
join vComputer vc on vc.Guid = tpm._ResourceGuid
where vc.IsManaged = 1
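
A variant of the inventory script above, as an added example that is not part of the original article: it reports a computer with no TPM, and a computer where the TPM query failed, separately from one whose TPM is present but disabled, which the script above would all record as 'TPM Not Enabled'. The helper Get-TpmStatusText and the status strings 'TPM Not Present' and 'TPM Status Unknown' are assumptions introduced here; the Altiris calls are the ones the article's script already uses.

```powershell
# Added example (not from the original article).
# Assumption: the custom data class still has a single text column at index 0.

function Get-TpmStatusText {
    param(
        # Object exposing TpmPresent / TpmEnabled (as returned by Get-Tpm),
        # or $null when the query could not be completed.
        $Tpm
    )
    if ($null -eq $Tpm)       { return 'TPM Status Unknown' }  # query failed
    if (-not $Tpm.TpmPresent) { return 'TPM Not Present' }     # no chip found
    if ($Tpm.TpmEnabled)      { return 'TPM Enabled' }
    return 'TPM Not Enabled'                                   # present but disabled
}

# Get-Tpm can fail (cmdlet missing, insufficient rights); treat that as unknown
# rather than letting an empty result fall through to "not enabled".
try {
    $tpm = Get-Tpm -ErrorAction Stop
}
catch {
    $tpm = $null
}
$status = Get-TpmStatusText -Tpm $tpm

# Static section, unchanged from the article's script
$nse = New-Object -ComObject Altiris.AeXNSEvent
$nse.To = "{1592B913-72F3-4C36-91D2-D4EDA21D2F96}"
$nse.Priority = 1

# Replace with your custom data class GUID
$strDataClassGuid = "{YourCustomDataClassGUIDHere}"

$objDCInstance = $nse.AddDataClass($strDataClassGuid)
$objDataclass = $nse.AddDataBlock($objDCInstance)

# One row, one column: the status text computed above
$objDataRow = $objDataclass.AddRow()
$objDataRow.SetField(0, $status)

$nse.SendQueued()
```

The report query above needs no change; its [TPM Status] column will show the additional values.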

 

Additional Information

NOTE: Symantec Support does not support custom scripting or reporting. Modifications to the script and report must be made by the user. For assistance with creating custom inventory scripts or custom reports, please contact Symantec Consulting Services.