cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
lmiller
Engaged Sweeper II
Background: I am building reports for assets with/without TPM chips (To see what laptops need to be replaced) and if they do have TPM if it is activated/deactivated (To see if the TPM needs to be activated).
This is all for a full disk encryption project I am working on.

What I am looking for is an explanation of the info that is located in Config -> Hardware -> Trusted Platform Modules as there is a long list of "stuff" in there that I cannot comprehend (See photo attached).

I believe this is causing problems with the report I am running. I am getting false negatives where new laptops that for sure have TPM chips are reporting as not having TPM chips at all. I will attach the report I am running as well.

I hope you guys can help!
6 REPLIES 6
lmiller
Engaged Sweeper II
Thank you for all of your help. This report will give me the information about the TPM. Is there a report where I can generate the computers without a TPM chip? This is helpful in finding the computers that need to be replaced in order to encrypt them.

Thank you in advance!
Esben_D
Lansweeper Employee
Lansweeper Employee
anpatterson03 wrote:
Charles.X, while you're at it, it would be great if there was an entry on the asset summary page that shows if a TPM is enabled and/or active for quick reference. The report you posted really helps though.


I'll add it to the list of requested improvements for the asset summary page.

lmiller wrote:
Thank you for all of your help. This report will give me the information about the TPM. Is there a report where I can generate the computers without a TPM chip? This is helpful in finding the computers that need to be replaced in order to encrypt them.

Thank you in advance!


You can find the report below. If you would like an overview of all Windows assets (both with and without TPM) you can remove the highlighted code.

Select Top 1000000 tsysAssetTypes.AssetTypeIcon16 As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblTPM.SpecVersion As [TPM Spec Version],
tblTPM.ManufacturerVersion As [TPM Manufacturer Version],
tblTPM.ManufacturerVersionInfo As [TPM Manufacturer Version Information],
Case When tblTPM.IsActivated_InitialValue = 1 Then 'Yes' Else 'No'
End As Activated,
Case When tblTPM.IsEnabled_InitialValue = 1 Then 'Yes' Else 'No'
End As Enabled,
Case When tblTPM.IsOwned_InitialValue = 1 Then 'Yes' Else 'No' End As Owned,
tblTPM.PhysicalPresenceVersionInfo,
tblTPM.LastChanged
From tblTPM
Right Join tblAssets On tblTPM.AssetId = tblAssets.AssetID
Inner Join tsysAssetTypes On tblAssets.Assettype = tsysAssetTypes.AssetType
Where tsysAssetTypes.AssetTypename = 'Windows' And tblTPM.Win32_TpmId Is Null
Esben_D
Lansweeper Employee
Lansweeper Employee
I've done some research and found the issue. Currently the asset details page will show all the TPM's for all the assets instead of just the ones from the asset you're requesting the details from. In other words the asset details are not showing the correct results but a report will. Our developers already have a fix for the issue. Unfortunately, I can't provide you with an ETA for the fix since the build it is scheduled for is still prone to changes.

For the moment I would recommend keeping an eye on our changelog, which will list the fix when it has been released.

Until the fix has been released, I would suggest using a report to view the correct TPM information for your assets. Below is an example of such a report. You can use the search fields at the top of the report to filter for a specific assets by asset name.

Select Top 1000000 tsysAssetTypes.AssetTypeIcon16 As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblTPM.SpecVersion As [TPM Spec Version],
tblTPM.ManufacturerVersion As [TPM Manufacturer Version],
tblTPM.ManufacturerVersionInfo As [TPM Manufacturer Version Information],
Case When tblTPM.IsActivated_InitialValue = 1 Then 'Yes' Else 'No'
End As Activated,
Case When tblTPM.IsEnabled_InitialValue = 1 Then 'Yes' Else 'No'
End As Enabled,
Case When tblTPM.IsOwned_InitialValue = 1 Then 'Yes' Else 'No' End As Owned,
tblTPM.PhysicalPresenceVersionInfo,
tblTPM.LastChanged
From tblTPM
Inner Join tblAssets On tblTPM.AssetId = tblAssets.AssetID
Inner Join tsysAssetTypes On tblAssets.Assettype = tsysAssetTypes.AssetType
Charles.X, while you're at it, it would be great if there was an entry on the asset summary page that shows if a TPM is enabled and/or active for quick reference. The report you posted really helps though.

Charles.X wrote:
I've done some research and found the issue. Currently the asset details page will show all the TPM's for all the assets instead of just the ones from the asset you're requesting the details from. In other words the asset details are not showing the correct results but a report will. Our developers already have a fix for the issue. Unfortunately, I can't provide you with an ETA for the fix since the build it is scheduled for is still prone to changes.

For the moment I would recommend keeping an eye on our changelog, which will list the fix when it has been released.

Until the fix has been released, I would suggest using a report to view the correct TPM information for your assets. Below is an example of such a report. You can use the search fields at the top of the report to filter for a specific assets by asset name.

Select Top 1000000 tsysAssetTypes.AssetTypeIcon16 As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblTPM.SpecVersion As [TPM Spec Version],
tblTPM.ManufacturerVersion As [TPM Manufacturer Version],
tblTPM.ManufacturerVersionInfo As [TPM Manufacturer Version Information],
Case When tblTPM.IsActivated_InitialValue = 1 Then 'Yes' Else 'No'
End As Activated,
Case When tblTPM.IsEnabled_InitialValue = 1 Then 'Yes' Else 'No'
End As Enabled,
Case When tblTPM.IsOwned_InitialValue = 1 Then 'Yes' Else 'No' End As Owned,
tblTPM.PhysicalPresenceVersionInfo,
tblTPM.LastChanged
From tblTPM
Inner Join tblAssets On tblTPM.AssetId = tblAssets.AssetID
Inner Join tsysAssetTypes On tblAssets.Assettype = tsysAssetTypes.AssetType


lmiller
Engaged Sweeper II
Is this a known issue that is fixed with 6.0.150.50?

If not I don't think this is a version issue as I got this result for the same computer I used for an example in the original post.

I think it is either a data collection issue or a database issue, but Y'all are the professionals!
Esben_D
Lansweeper Employee
Lansweeper Employee
I would first make sure you are on the latest version (currently 6.0.150.50). Update instructions can be found here: https://www.lansweeper.com/kb/118/updating-your-installation.html

Once that is done, do a full rescan of the asset by using the rescan asset option in the left-hand pane. Afterwards, you could check the asset's Win32_Tpm WMI class. This is where Lansweeper retrieves the data from. If this WMI class is giving back all this data, Lansweeper will also display it.

Try this powershell command:

Get-WMIObject –class Win32_Tpm –Namespace root\cimv2\Security\MicrosoftTpm