This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

TPM Information in Asset Info

lmiller
Engaged Sweeper II

‎03-09-2018 12:33 AM

Background: I am building reports for assets with/without TPM chips (To see what laptops need to be replaced) and if they do have TPM if it is activated/deactivated (To see if the TPM needs to be activated).
This is all for a full disk encryption project I am working on.

What I am looking for is an explanation of the info that is located in Config -> Hardware -> Trusted Platform Modules as there is a long list of "stuff" in there that I cannot comprehend (See photo attached).

I believe this is causing problems with the report I am running. I am getting false negatives where new laptops that for sure have TPM chips are reporting as not having TPM chips at all. I will attach the report I am running as well.

I hope you guys can help!
Labels:
Preview file
111 KB
Preview file
2 KB
0 Kudos
6 REPLIES 6
lmiller
Engaged Sweeper II

‎03-13-2018 07:32 PM

Thank you for all of your help. This report will give me the information about the TPM. Is there a report where I can generate the computers without a TPM chip? This is helpful in finding the computers that need to be replaced in order to encrypt them.

Thank you in advance!
0 Kudos
Esben_D
Lansweeper Employee
Lansweeper Employee
In response to lmiller

‎03-15-2018 12:09 PM

anpatterson03 wrote:
Charles.X, while you're at it, it would be great if there was an entry on the asset summary page that shows if a TPM is enabled and/or active for quick reference. The report you posted really helps though.


I'll add it to the list of requested improvements for the asset summary page.

lmiller wrote:
Thank you for all of your help. This report will give me the information about the TPM. Is there a report where I can generate the computers without a TPM chip? This is helpful in finding the computers that need to be replaced in order to encrypt them.

Thank you in advance!


You can find the report below. If you would like an overview of all Windows assets (both with and without TPM) you can remove the highlighted code.

Select Top 1000000 tsysAssetTypes.AssetTypeIcon16 As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblTPM.SpecVersion As [TPM Spec Version],
tblTPM.ManufacturerVersion As [TPM Manufacturer Version],
tblTPM.ManufacturerVersionInfo As [TPM Manufacturer Version Information],
Case When tblTPM.IsActivated_InitialValue = 1 Then 'Yes' Else 'No'
End As Activated,
Case When tblTPM.IsEnabled_InitialValue = 1 Then 'Yes' Else 'No'
End As Enabled,
Case When tblTPM.IsOwned_InitialValue = 1 Then 'Yes' Else 'No' End As Owned,
tblTPM.PhysicalPresenceVersionInfo,
tblTPM.LastChanged
From tblTPM
Right Join tblAssets On tblTPM.AssetId = tblAssets.AssetID
Inner Join tsysAssetTypes On tblAssets.Assettype = tsysAssetTypes.AssetType
Where tsysAssetTypes.AssetTypename = 'Windows' And tblTPM.Win32_TpmId Is Null
0 Kudos
Esben_D
Lansweeper Employee
Lansweeper Employee

‎03-12-2018 03:06 PM

I've done some research and found the issue. Currently the asset details page will show all the TPM's for all the assets instead of just the ones from the asset you're requesting the details from. In other words the asset details are not showing the correct results but a report will. Our developers already have a fix for the issue. Unfortunately, I can't provide you with an ETA for the fix since the build it is scheduled for is still prone to changes.

For the moment I would recommend keeping an eye on our changelog, which will list the fix when it has been released.

Until the fix has been released, I would suggest using a report to view the correct TPM information for your assets. Below is an example of such a report. You can use the search fields at the top of the report to filter for a specific assets by asset name.

Select Top 1000000 tsysAssetTypes.AssetTypeIcon16 As icon,
  tblAssets.AssetID,
  tblAssets.AssetName,
  tblTPM.SpecVersion As [TPM Spec Version],
  tblTPM.ManufacturerVersion As [TPM Manufacturer Version],
  tblTPM.ManufacturerVersionInfo As [TPM Manufacturer Version Information],
  Case When tblTPM.IsActivated_InitialValue = 1 Then 'Yes' Else 'No'
  End As Activated,
  Case When tblTPM.IsEnabled_InitialValue = 1 Then 'Yes' Else 'No'
  End As Enabled,
  Case When tblTPM.IsOwned_InitialValue = 1 Then 'Yes' Else 'No' End As Owned,
  tblTPM.PhysicalPresenceVersionInfo,
  tblTPM.LastChanged
From tblTPM
  Inner Join tblAssets On tblTPM.AssetId = tblAssets.AssetID
  Inner Join tsysAssetTypes On tblAssets.Assettype = tsysAssetTypes.AssetType
anpatterson03
Engaged Sweeper III
In response to Esben_D

‎03-13-2018 10:11 PM

Charles.X, while you're at it, it would be great if there was an entry on the asset summary page that shows if a TPM is enabled and/or active for quick reference. The report you posted really helps though.

Charles.X wrote:
I've done some research and found the issue. Currently the asset details page will show all the TPM's for all the assets instead of just the ones from the asset you're requesting the details from. In other words the asset details are not showing the correct results but a report will. Our developers already have a fix for the issue. Unfortunately, I can't provide you with an ETA for the fix since the build it is scheduled for is still prone to changes.

For the moment I would recommend keeping an eye on our changelog, which will list the fix when it has been released.

Until the fix has been released, I would suggest using a report to view the correct TPM information for your assets. Below is an example of such a report. You can use the search fields at the top of the report to filter for a specific assets by asset name.

Select Top 1000000 tsysAssetTypes.AssetTypeIcon16 As icon,
  tblAssets.AssetID,
  tblAssets.AssetName,
  tblTPM.SpecVersion As [TPM Spec Version],
  tblTPM.ManufacturerVersion As [TPM Manufacturer Version],
  tblTPM.ManufacturerVersionInfo As [TPM Manufacturer Version Information],
  Case When tblTPM.IsActivated_InitialValue = 1 Then 'Yes' Else 'No'
  End As Activated,
  Case When tblTPM.IsEnabled_InitialValue = 1 Then 'Yes' Else 'No'
  End As Enabled,
  Case When tblTPM.IsOwned_InitialValue = 1 Then 'Yes' Else 'No' End As Owned,
  tblTPM.PhysicalPresenceVersionInfo,
  tblTPM.LastChanged
From tblTPM
  Inner Join tblAssets On tblTPM.AssetId = tblAssets.AssetID
  Inner Join tsysAssetTypes On tblAssets.Assettype = tsysAssetTypes.AssetType


0 Kudos
lmiller
Engaged Sweeper II

‎03-09-2018 05:23 PM

Is this a known issue that is fixed with 6.0.150.50?

If not I don't think this is a version issue as I got this result for the same computer I used for an example in the original post.

I think it is either a data collection issue or a database issue, but Y'all are the professionals!
Preview file
23 KB
0 Kudos
Esben_D
Lansweeper Employee
Lansweeper Employee

‎03-09-2018 02:59 PM

I would first make sure you are on the latest version (currently 6.0.150.50). Update instructions can be found here: https://www.lansweeper.com/kb/118/updating-your-installation.html

Once that is done, do a full rescan of the asset by using the rescan asset option in the left-hand pane. Afterwards, you could check the asset's Win32_Tpm WMI class. This is where Lansweeper retrieves the data from. If this WMI class is giving back all this data, Lansweeper will also display it.

Try this powershell command:

Get-WMIObject –class Win32_Tpm –Namespace root\cimv2\Security\MicrosoftTpm
0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now