This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
→ 🚀Are you a Lansweeper Champion?! Join our Contributor Program Sign up here!
Community FAQ
Register | Log In
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- General Discussions
- Re: TPM Reporting Issue Help
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-17-2018 02:03 AM
I am trying to create a report that can tell whether a TPM is present or not.
I have used a few old community posts about TPM presence and have also come up with queries from "scratch" and I can't find a consistent answer. I have a few systems I know are encrypted using Sophos and Lansweeper is saying they don't have TPM's at all or LS is saying their TPMs are not active. Here are a few snippets of code:
&
Both of these snippets of code run and populate data, but they are not accurate. I have a few systems that I know are encrypted and some that are not and neither of them are falling in line with what LS is reporting. Has anyone else had this issue? Am I missing something in the code? Any support would be great.
*Asset names for parsing are fillers, not what is actually in the query.
I have used a few old community posts about TPM presence and have also come up with queries from "scratch" and I can't find a consistent answer. I have a few systems I know are encrypted using Sophos and Lansweeper is saying they don't have TPM's at all or LS is saying their TPMs are not active. Here are a few snippets of code:
Select Distinct Top 1000000 tsysAssetTypes.AssetTypeIcon16 As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
Case When tblTPM.IsActivated_InitialValue = 0 Then 'Deactivated0'
When tblTPM.IsActivated_InitialValue = 1 Then 'Activated1'
Else 'Not Present' End As TPMActivation,
tblOperatingsystem.Caption As OS,
Case
When tblOperatingsystem.Caption In ('Microsoft Windows 7 Professional',
'Microsoft Windows 7 å°ˆæ¥ç‰ˆ', 'Microsoft Windows XP Professional',
'Microsoft Windows 7 Professional K') Then 'NO'
When tblOperatingsystem.Caption Not In ('Microsoft Windows 7 Professional',
'Microsoft Windows 7 å°ˆæ¥ç‰ˆ', 'Microsoft Windows XP Professional',
'Microsoft Windows 7 Professional K') Then 'YES' Else 'UNKNOWN'
End As SupportedOS,
tblAssets.Username,
tblAssets.IPAddress,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model
From tblAssets
Inner Join tsysAssetTypes On tblAssets.Assettype = tsysAssetTypes.AssetType
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tblSystemEnclosure On tblSystemEnclosure.AssetID =
tblAssets.AssetID
Left Join tblTPM On tblAssets.AssetID = tblTPM.AssetId
Left Join tblOperatingsystem On tblAssets.AssetID = tblOperatingsystem.AssetID
Where tblAssets.AssetName Not Like 'SC%' And tblAssets.AssetName Not In
(1234, 12345, 123456)
And tblSystemEnclosure.ChassisTypes In ('8', '9', '10', '21', '31',
'32')
&
Select Top 1000000 tsysAssetTypes.AssetTypeIcon16 As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblTPM.SpecVersion,
tblTPM.ManufacturerVersion,
tblTPM.ManufacturerVersionInfo,
Case When tblTPM.IsActivated_InitialValue = 1 Then 'Yes' Else 'No'
End As Activated,
Case When tblTPM.IsEnabled_InitialValue = 1 Then 'Yes' Else 'No'
End As Enabled,
Case When tblTPM.IsOwned_InitialValue = 1 Then 'Yes' Else 'No' End As Owned,
tblTPM.PhysicalPresenceVersionInfo,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tblAssets.Description,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblAssetCustom.Location,
tsysIPLocations.IPLocation,
tsysOS.OSname As OS,
tblAssets.SP As SP,
tblAssets.Firstseen,
tblAssets.Lastseen
From tblTPM
Inner Join tblAssets On tblTPM.AssetId = tblAssets.AssetID
Inner Join tsysAssetTypes On tblAssets.Assettype = tsysAssetTypes.AssetType
Left Join tsysIPLocations On tblAssets.LocationID = tsysIPLocations.LocationID
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tblPortableBattery
On tblAssets.AssetID = tblPortableBattery.AssetID
Order By tblAssets.AssetName
Both of these snippets of code run and populate data, but they are not accurate. I have a few systems that I know are encrypted and some that are not and neither of them are falling in line with what LS is reporting. Has anyone else had this issue? Am I missing something in the code? Any support would be great.
*Asset names for parsing are fillers, not what is actually in the query.
Labels:
- Labels:
-
General Discussion
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-08-2019 02:43 PM
If you run LsPush with a logon script, it runs using the privileges of the user logging in. The TMP WMI object can only be accessed when using admin privileges.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-17-2019 10:06 PM
Interesting, thanks for sharing!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-16-2019 02:40 PM
Anyone experiencing the "not accurate" issue:
We experienced the same and found the cause.
We were both doing active scans with scanning credentials,
and were using the lspush in the logon script.
When lspush was run using the logon script, all TPM information disappeared in lansweeper.
When a sceduled en manual scan was run using the scanning credentials, TPM info reappeared.
This might be related:
https://www.lansweeper.com/knowledgebase/event-id-5605-generated-during-scanning/
Our solution/workaround was to drop the lspush from logon script,
and move to lspush using a sceduled task to trigger at logon, but using admin credentials.
When just doing a manual get-wmiobject win32_tpm using admin credentials, we were getting a "class not found" error.
We experienced the same and found the cause.
We were both doing active scans with scanning credentials,
and were using the lspush in the logon script.
When lspush was run using the logon script, all TPM information disappeared in lansweeper.
When a sceduled en manual scan was run using the scanning credentials, TPM info reappeared.
This might be related:
https://www.lansweeper.com/knowledgebase/event-id-5605-generated-during-scanning/
Our solution/workaround was to drop the lspush from logon script,
and move to lspush using a sceduled task to trigger at logon, but using admin credentials.
When just doing a manual get-wmiobject win32_tpm using admin credentials, we were getting a "class not found" error.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-05-2019 06:19 PM
Sander Eerdekens wrote:
Anyone experiencing the "not accurate" issue:
We experienced the same and found the cause.
We were both doing active scans with scanning credentials,
and were using the lspush in the logon script.
When lspush was run using the logon script, all TPM information disappeared in lansweeper.
When a sceduled en manual scan was run using the scanning credentials, TPM info reappeared.
This might be related:
https://www.lansweeper.com/knowledgebase/event-id-5605-generated-during-scanning/
Our solution/workaround was to drop the lspush from logon script,
and move to lspush using a sceduled task to trigger at logon, but using admin credentials.
When just doing a manual get-wmiobject win32_tpm using admin credentials, we were getting a "class not found" error.
Thanks this helped! Could not figure out why systems with TPMs were not reporting. I set up a GPO Scheduled Task to run as SYSTEM on login and it worked and reported the TPMs correctly and removed lspush from the login script.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-25-2018 01:03 PM
I would start by taking a look at some of the individual assets you mentioned. See if assets which have TPM, actually list it on their asset's page (Under Config\Hardware\Trusted Platform module). This way you can at least see if it is a report issue or if the information is simply not in Lansweeper.
If the information is not in Lansweeper, the next step is to look if Windows has the correct information in the WMI class. Lansweeper uses the WMI classes to get most of the information, and therefore, if Windows doesn't have accurate information it the WMI classes, neither will Lansweeper.
You do a check by using the following query on a local machine in PowerShell:
get-wmiobject win32_tpm
If the information is not in Lansweeper, the next step is to look if Windows has the correct information in the WMI class. Lansweeper uses the WMI classes to get most of the information, and therefore, if Windows doesn't have accurate information it the WMI classes, neither will Lansweeper.
You do a check by using the following query on a local machine in PowerShell:
get-wmiobject win32_tpm
General Discussions
Find answers to technical questions about Lansweeper.
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- Intune Scanning - No V2 in List & Issues in General Discussions
- Apple Devices not scanned in General Discussions
- Report for trendmicro instaleld assets in Reports & Analytics
- show report results in a custom field in General Discussions
- Access is denied, please check your credentials. in Deployment Packages
