smozie
Engaged Sweeper
I am trying to create a report that can tell whether a TPM is present or not.

I have used a few old community posts about TPM presence and have also come up with queries from "scratch" and I can't find a consistent answer. I have a few systems I know are encrypted using Sophos and Lansweeper is saying they don't have TPMs at all or LS is saying their TPMs are not active. Here are a few snippets of code:

Select Distinct Top 1000000 tsysAssetTypes.AssetTypeIcon16 As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
Case When tblTPM.IsActivated_InitialValue = 0 Then 'Deactivated0'
When tblTPM.IsActivated_InitialValue = 1 Then 'Activated1'
Else 'Not Present' End As TPMActivation,
tblOperatingsystem.Caption As OS,
Case
When tblOperatingsystem.Caption In ('Microsoft Windows 7 Professional',
'Microsoft Windows 7 專業版', 'Microsoft Windows XP Professional',
'Microsoft Windows 7 Professional K') Then 'NO'
When tblOperatingsystem.Caption Not In ('Microsoft Windows 7 Professional',
'Microsoft Windows 7 專業版', 'Microsoft Windows XP Professional',
'Microsoft Windows 7 Professional K') Then 'YES' Else 'UNKNOWN'
End As SupportedOS,
tblAssets.Username,
tblAssets.IPAddress,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model
From tblAssets
Inner Join tsysAssetTypes On tblAssets.Assettype = tsysAssetTypes.AssetType
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tblSystemEnclosure On tblSystemEnclosure.AssetID =
tblAssets.AssetID
Left Join tblTPM On tblAssets.AssetID = tblTPM.AssetId
Left Join tblOperatingsystem On tblAssets.AssetID = tblOperatingsystem.AssetID
Where tblAssets.AssetName Not Like 'SC%' And tblAssets.AssetName Not In
(1234, 12345, 123456)
And tblSystemEnclosure.ChassisTypes In ('8', '9', '10', '21', '31',
'32')

&


Select Top 1000000 tsysAssetTypes.AssetTypeIcon16 As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblTPM.SpecVersion,
tblTPM.ManufacturerVersion,
tblTPM.ManufacturerVersionInfo,
Case When tblTPM.IsActivated_InitialValue = 1 Then 'Yes' Else 'No'
End As Activated,
Case When tblTPM.IsEnabled_InitialValue = 1 Then 'Yes' Else 'No'
End As Enabled,
Case When tblTPM.IsOwned_InitialValue = 1 Then 'Yes' Else 'No' End As Owned,
tblTPM.PhysicalPresenceVersionInfo,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tblAssets.Description,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblAssetCustom.Location,
tsysIPLocations.IPLocation,
tsysOS.OSname As OS,
tblAssets.SP As SP,
tblAssets.Firstseen,
tblAssets.Lastseen
From tblTPM
Inner Join tblAssets On tblTPM.AssetId = tblAssets.AssetID
Inner Join tsysAssetTypes On tblAssets.Assettype = tsysAssetTypes.AssetType
Left Join tsysIPLocations On tblAssets.LocationID = tsysIPLocations.LocationID
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tblPortableBattery
On tblAssets.AssetID = tblPortableBattery.AssetID
Order By tblAssets.AssetName



Both of these snippets of code run and populate data, but they are not accurate. I have a few systems that I know are encrypted and some that are not, and neither of them is falling in line with what LS is reporting. Has anyone else had this issue? Am I missing something in the code? Any support would be great.

*Asset names for parsing are fillers, not what is actually in the query.
5 REPLIES
Esben_D
Lansweeper Employee
If you run LsPush with a logon script, it runs using the privileges of the user logging in. The TPM WMI object can only be accessed when using admin privileges.
Esben_D
Lansweeper Employee
Interesting, thanks for sharing!
sandereerd
Engaged Sweeper
Anyone experiencing the "not accurate" issue:
We experienced the same and found the cause.

We were both doing active scans with scanning credentials,
and were using the lspush in the logon script.

When lspush was run using the logon script, all TPM information disappeared in Lansweeper.
When a scheduled and manual scan was run using the scanning credentials, TPM info reappeared.

This might be related:
https://www.lansweeper.com/knowledgebase/event-id-5605-generated-during-scanning/

Our solution/workaround was to drop the lspush from logon script,
and move to lspush using a scheduled task to trigger at logon, but using admin credentials.

When just doing a manual get-wmiobject win32_tpm using admin credentials, we were getting a "class not found" error.
Sander Eerdekens wrote:
Anyone experiencing the "not accurate" issue:
We experienced the same and found the cause.

We were both doing active scans with scanning credentials,
and were using the lspush in the logon script.

When lspush was run using the logon script, all TPM information disappeared in Lansweeper.
When a scheduled and manual scan was run using the scanning credentials, TPM info reappeared.

This might be related:
https://www.lansweeper.com/knowledgebase/event-id-5605-generated-during-scanning/

Our solution/workaround was to drop the lspush from logon script,
and move to lspush using a scheduled task to trigger at logon, but using admin credentials.

When just doing a manual get-wmiobject win32_tpm using admin credentials, we were getting a "class not found" error.


Thanks this helped! Could not figure out why systems with TPMs were not reporting. I set up a GPO Scheduled Task to run as SYSTEM on login and it worked and reported the TPMs correctly and removed lspush from the login script.
Esben_D
Lansweeper Employee
I would start by taking a look at some of the individual assets you mentioned. See if assets which have a TPM actually list it on their asset's page (Under Config\Hardware\Trusted Platform module). This way you can at least see if it is a report issue or if the information is simply not in Lansweeper.

If the information is not in Lansweeper, the next step is to look if Windows has the correct information in the WMI class. Lansweeper uses the WMI classes to get most of the information, and therefore, if Windows doesn't have accurate information in the WMI classes, neither will Lansweeper.

You can do a check by using the following query on a local machine in PowerShell:

Get-WmiObject -Namespace "root\cimv2\Security\MicrosoftTpm" -Class Win32_Tpm
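
An added example, not part of the original thread or of Lansweeper: a local check that separates "no TPM" from "query ran without admin rights", the two cases the replies above say get confused when LsPush runs from a logon script. It assumes Windows PowerShell 5.1 (where Get-WmiObject is available); the function names Test-IsElevated and Get-TpmInventory and the TpmState labels are hypothetical.

```powershell
# Added example: classify the local TPM state and record whether the query
# was made with admin rights, so an empty result is not read as "no TPM".
function Test-IsElevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-TpmInventory {
    $result = [ordered]@{
        ComputerName = $env:COMPUTERNAME
        RunAs        = [Security.Principal.WindowsIdentity]::GetCurrent().Name
        Elevated     = Test-IsElevated
        TpmState     = 'Unknown'
        SpecVersion  = $null
        Enabled      = $null
        Activated    = $null
        Owned        = $null
    }
    # Win32_Tpm lives in its own namespace, not in the default root\cimv2.
    $query = @{
        Namespace   = 'root\cimv2\Security\MicrosoftTpm'
        Class       = 'Win32_Tpm'
        ErrorAction = 'Stop'
    }
    try {
        $tpm = Get-WmiObject @query
        if ($null -eq $tpm) {
            # The query worked but returned no instance.
            $result.TpmState = if ($result.Elevated) { 'NotPresent' } else { 'Unknown-NotElevated' }
        } else {
            $result.TpmState    = 'Present'
            $result.SpecVersion = $tpm.SpecVersion
            # Same properties the tblTPM report columns are named after.
            $result.Enabled     = $tpm.IsEnabled_InitialValue
            $result.Activated   = $tpm.IsActivated_InitialValue
            $result.Owned       = $tpm.IsOwned_InitialValue
        }
    } catch {
        # Without elevation a failure says nothing about the hardware.
        $result.TpmState = if ($result.Elevated) { "QueryFailed: $($_.Exception.Message)" } else { 'AccessDenied-NotElevated' }
    }
    [pscustomobject]$result
}

Get-TpmInventory | Format-List
```

Running it once as a standard user and once from an elevated prompt on a machine known to have a TPM shows whether missing data in a report comes from privileges or from the hardware.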