TPM Reporting Issue Help - LS reporting TPM info not accurate

Posted: Tuesday, July 17, 2018 1:03:11 AM(UTC)
smozie
Member Original Poster Posts: 6
I am trying to create a report that can tell whether a TPM is present or not.

I have used a few old community posts about TPM presence and have also come up with queries from "scratch", and I can't find a consistent answer. I have a few systems I know are encrypted using Sophos, and Lansweeper is saying they don't have TPMs at all, or LS is saying their TPMs are not active. Here are a few snippets of code:

Code:
Select Distinct Top 1000000 tsysAssetTypes.AssetTypeIcon16 As icon,
  tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  Case When tblTPM.IsActivated_InitialValue = 0 Then 'Deactivated0'
    When tblTPM.IsActivated_InitialValue = 1 Then 'Activated1'
    Else 'Not Present' End As TPMActivation,
  tblOperatingsystem.Caption As OS,
  Case
    When tblOperatingsystem.Caption In ('Microsoft Windows 7 Professional',
    'Microsoft Windows 7 專業版', 'Microsoft Windows XP Professional',
    'Microsoft Windows 7 Professional K') Then 'NO'
    When tblOperatingsystem.Caption Not In ('Microsoft Windows 7 Professional',
    'Microsoft Windows 7 專業版', 'Microsoft Windows XP Professional',
    'Microsoft Windows 7 Professional K') Then 'YES' Else 'UNKNOWN'
  End As SupportedOS,
  tblAssets.Username,
  tblAssets.IPAddress,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model
From tblAssets
  Inner Join tsysAssetTypes On tblAssets.Assettype = tsysAssetTypes.AssetType
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tblSystemEnclosure On tblSystemEnclosure.AssetID =
    tblAssets.AssetID
  Left Join tblTPM On tblAssets.AssetID = tblTPM.AssetId
  Left Join tblOperatingsystem On tblAssets.AssetID = tblOperatingsystem.AssetID
Where tblAssets.AssetName Not Like 'SC%' And tblAssets.AssetName Not In
  ('1234', '12345', '123456')
And tblSystemEnclosure.ChassisTypes In ('8', '9', '10', '21', '31',
  '32')

&

Code:

Select Top 1000000 tsysAssetTypes.AssetTypeIcon16 As icon,
  tblAssets.AssetID,
  tblAssets.AssetName,
  tblTPM.SpecVersion,
  tblTPM.ManufacturerVersion,
  tblTPM.ManufacturerVersionInfo,
  Case When tblTPM.IsActivated_InitialValue = 1 Then 'Yes' Else 'No'
  End As Activated,
  Case When tblTPM.IsEnabled_InitialValue = 1 Then 'Yes' Else 'No'
  End As Enabled,
  Case When tblTPM.IsOwned_InitialValue = 1 Then 'Yes' Else 'No' End As Owned,
  tblTPM.PhysicalPresenceVersionInfo,
  tblAssets.Domain,
  tblAssets.Username,
  tblAssets.Userdomain,
  tblAssets.IPAddress,
  tblAssets.Description,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tblAssetCustom.Location,
  tsysIPLocations.IPLocation,
  tsysOS.OSname As OS,
  tblAssets.SP As SP,
  tblAssets.Firstseen,
  tblAssets.Lastseen
From tblTPM
  Inner Join tblAssets On tblTPM.AssetId = tblAssets.AssetID
  Inner Join tsysAssetTypes On tblAssets.Assettype = tsysAssetTypes.AssetType
  Left Join tsysIPLocations On tblAssets.LocationID = tsysIPLocations.LocationID
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
  Inner Join tblPortableBattery
    On tblAssets.AssetID = tblPortableBattery.AssetID
Order By tblAssets.AssetName



Both of these snippets of code run and populate data, but they are not accurate. I have a few systems that I know are encrypted and some that are not, and neither of them is falling in line with what LS is reporting. Has anyone else had this issue? Am I missing something in the code? Any support would be great.

*Asset names for parsing are fillers, not what is actually in the query.

#1 Esben.D Member Administration Posts: 1,822
posted: 7/25/2018 12:03:32 PM(UTC)
I would start by taking a look at some of the individual assets you mentioned. See if assets which have a TPM actually list it on their asset page (under Config\Hardware\Trusted Platform Module). This way you can at least see if it is a report issue or if the information is simply not in Lansweeper.

If the information is not in Lansweeper, the next step is to look if Windows has the correct information in the WMI class. Lansweeper uses the WMI classes to get most of the information, and therefore, if Windows doesn't have accurate information in the WMI classes, neither will Lansweeper.

You can do a check by using the following query on a local machine in PowerShell:

Get-WmiObject -Namespace "root\cimv2\Security\MicrosoftTpm" -Class Win32_Tpm

#2 Sander Eerdekens Member Posts: 2
posted: 7/16/2019 1:40:14 PM(UTC)
Anyone experiencing the "not accurate" issue:
We experienced the same and found the cause.

We were both doing active scans with scanning credentials,
and were using the lspush in the logon script.

When lspush was run using the logon script, all TPM information disappeared in Lansweeper.
When a scheduled and manual scan was run using the scanning credentials, TPM info reappeared.

This might be related:
https://www.lansweeper.c...nerated-during-scanning/

Our solution/workaround was to drop the lspush from logon script,
and move to lspush using a scheduled task to trigger at logon, but using admin credentials.

When just doing a manual get-wmiobject win32_tpm using admin credentials, we were getting a "class not found" error.

#3 Esben.D Member Administration Posts: 1,822
posted: 7/17/2019 9:06:24 PM(UTC)
Interesting, thanks for sharing!

#4 Lee-Kinetic Member Posts: 2
posted: 8/5/2019 5:19:47 PM(UTC)
Originally Posted by: Sander Eerdekens
Anyone experiencing the "not accurate" issue:
We experienced the same and found the cause.

We were both doing active scans with scanning credentials,
and were using the lspush in the logon script.

When lspush was run using the logon script, all TPM information disappeared in Lansweeper.
When a scheduled and manual scan was run using the scanning credentials, TPM info reappeared.

This might be related:
https://www.lansweeper.c...nerated-during-scanning/

Our solution/workaround was to drop the lspush from logon script,
and move to lspush using a scheduled task to trigger at logon, but using admin credentials.

When just doing a manual get-wmiobject win32_tpm using admin credentials, we were getting a "class not found" error.


Thanks, this helped! Could not figure out why systems with TPMs were not reporting. I set up a GPO Scheduled Task to run as SYSTEM on login and it worked and reported the TPMs correctly, and removed lspush from the login script.

#5 Esben.D Member Administration Posts: 1,822
posted: 8/8/2019 1:43:46 PM(UTC)
If you run LsPush with a logon script, it runs using the privileges of the user logging in. The TPM WMI object can only be accessed when using admin privileges.
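
The privilege issue described in posts #2 and #5, as an added example that is not part of the original thread: a local check that reports "could not query" separately from "no TPM", so a scan run without admin rights is not read as a missing TPM. The function name and Status values are hypothetical; the property names are the Win32_Tpm properties that appear as tblTPM columns in the queries above, and Get-CimInstance is used in place of get-wmiobject.

```powershell
# Added example. Get-TpmScanState and its Status values are hypothetical names.
function Get-TpmScanState {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    $state = [ordered]@{
        Computer    = $env:COMPUTERNAME
        RunAs       = $identity.Name
        Elevated    = $elevated
        Status      = 'Unknown'
        Activated   = $null
        Enabled     = $null
        Owned       = $null
        SpecVersion = $null
        Error       = $null
    }

    try {
        # Win32_Tpm lives in its own namespace, not the default root\cimv2.
        $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                   -ClassName Win32_Tpm -ErrorAction Stop |
               Select-Object -First 1

        if ($tpm) {
            $state.Status      = 'Present'
            $state.Activated   = $tpm.IsActivated_InitialValue
            $state.Enabled     = $tpm.IsEnabled_InitialValue
            $state.Owned       = $tpm.IsOwned_InitialValue
            $state.SpecVersion = $tpm.SpecVersion
        } elseif ($elevated) {
            # An empty result is only meaningful when the query ran elevated.
            $state.Status = 'NoTpmReported'
        } else {
            $state.Status = 'NotElevated'
        }
    } catch {
        # Keep the error text; a failed query is not evidence of a missing TPM.
        $state.Error  = $_.Exception.Message
        $state.Status = if ($elevated) { 'QueryFailed' } else { 'NotElevated' }
    }
    [pscustomobject]$state
}

Get-TpmScanState
```

Running it once from a normal user session and once elevated (or as SYSTEM, as in post #4) shows the difference between the two scan contexts on the same machine.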
