TPM status with wmi

blumi · August 5, 2016

I found a website where it is explained how to use wmi to check the tpm status of the tmp security chip.

http://windowsitpro.com/security/checking-status-trusted-platform-module-command-line

I tried this with autoit, but had no success.

Anyone here who can give little support to me?

Thanks

#include <Array.au3>

$ScriptName     = "TPM Status"

Dim $sResult
$strComputer = "lapxxx"

$objWMIService = ObjGet("wmic /namespace:\\.\root\cimv2\security\microsofttpm")
;$objWMIService = ObjGet("wmic /namespace:\\" & $strComputer & "\root\cimv2\security\microsofttpm")
;$objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & $strComputer & "\root\cimv2")
$colItems = $objWMIService.InstancesOf("Select * from Win32_Tpm")

For $objItem In $colItems
    $IsActivated = $objItem.IsActivated_InitialValue
    $IsEnabled = $objItem.IsEnabled_InitialValue

    MsgBox(0, $ScriptName,  "IsActivated: " & $IsActivated & @CRLF & _
                                                    "IsEnabled: " & $IsEnabled & @CRLF & _
                                                    "x: " )
Next




$oMTpm = ObjGet("winmgmts:\\.\root\cimv2\Security\MicrosoftTpm")
$oCol = $oMTpm.InstancesOf("Win32_Tpm")


For $oObj In $oCol

    ConsoleWrite($oObj.IsActivated_InitialValue & @CRLF)
    ConsoleWrite($oObj.IsEnabled_InitialValue & @CRLF)
    ConsoleWrite($oObj.IsOwned_InitialValue & @CRLF)
    ConsoleWrite($oObj.SpecVersion & @CRLF)
    ConsoleWrite($oObj.ManufacturerVersion & @CRLF)
    ConsoleWrite($oObj.ManufacturerVersionInfo & @CRLF)
    ConsoleWrite($oObj.ManufacturerId & @CRLF)
    ConsoleWrite($oObj.PhysicalPresenceVersionInfo & @CRLF)

Next

pluto41 · August 5, 2016

; TPM Security Info

Opt ( 'MustDeclareVars', 1 )

Local $objWMIService, $colItem, $objItem        ; Declare
Local $strComputer = "."                        ; Local Computer

; WMI Object
$objWMIService = ObjGet ( "WinMgmts:{impersonationLevel=impersonate,AuthenticationLevel=pktprivacy}//" & $strComputer & "\root\CIMV2\Security\MicrosoftTpm" )

; WMI Object check.
If IsObj ( $objWMIService ) Then
    ConsoleWrite ( "Object YES" & @CRLF )   ; Debug console message
Else
    ConsoleWrite ( "Object NO" & @CRLF )
    Exit 1  ; Exit Script Object error / WMI MicrosoftTpm not found.
EndIf

$objItem = $objWMIService.InstancesOf ( "Win32_Tpm" )

For $colItems In $objItem
    ConsoleWrite ( "IsActivated : " & $colItems.IsActivated_InitialValue & @CRLF )
    ConsoleWrite ( "IsEnabled : " & $colItems.IsEnabled_InitialValue & @CRLF )
    ConsoleWrite ( "IsOwned : " & $colItems.IsOwned_InitialValue & @CRLF )
    ConsoleWrite ( "SpecVersion : " & $colItems.SpecVersion & @CRLF )
    ConsoleWrite ( "ManufacturerVersion : " & $colItems.ManufacturerVersion & @CRLF )
    ConsoleWrite ( "ManufacturerVersionInfo : " & $colItems.ManufacturerVersionInfo & @CRLF )
    ConsoleWrite ( "ManufacturerId : " & $colItems.ManufacturerId & @CRLF )
    ConsoleWrite ( "PhysicalPresenceVersionInfo : " & $colItems.PhysicalPresenceVersionInfo & @CRLF )
Next

Hi, I don't have TPM enabled and i am running Windows in a virtual machine. Anyway i narrowed your'e code a bit down and rewrote a little bit. Hope this works for you.

blumi · August 8, 2016

Thanks for your help pluto41, it works now fine.

blumi · August 9, 2016

One more question about the manufactureid.

How to convert it from the id to text?

Found this about it.

Data type: uint32
Access type: Read-only

ManufacturerId

The identifying information that uniquely names the TPM manufacturer.

When the data is unavailable, zero is returned.

This integer value can be translated to a string value by interpreting each byte as an ASCII character. For example, an integer value of 1414548736 can be divided into these 4 bytes: 0x54, 0x50, 0x4D, and 0x00. Assuming the string is interpreted from left to right, this integer value translated to a string value of "TPM".

blumi · March 4, 2021

On 8/5/2016 at 5:20 PM, pluto41 said:

; TPM Security Info

Opt ( 'MustDeclareVars', 1 )

Local $objWMIService, $colItem, $objItem        ; Declare
Local $strComputer = "."                        ; Local Computer

; WMI Object
$objWMIService = ObjGet ( "WinMgmts:{impersonationLevel=impersonate,AuthenticationLevel=pktprivacy}//" & $strComputer & "\root\CIMV2\Security\MicrosoftTpm" )

; WMI Object check.
If IsObj ( $objWMIService ) Then
    ConsoleWrite ( "Object YES" & @CRLF )   ; Debug console message
Else
    ConsoleWrite ( "Object NO" & @CRLF )
    Exit 1  ; Exit Script Object error / WMI MicrosoftTpm not found.
EndIf

$objItem = $objWMIService.InstancesOf ( "Win32_Tpm" )

For $colItems In $objItem
    ConsoleWrite ( "IsActivated : " & $colItems.IsActivated_InitialValue & @CRLF )
    ConsoleWrite ( "IsEnabled : " & $colItems.IsEnabled_InitialValue & @CRLF )
    ConsoleWrite ( "IsOwned : " & $colItems.IsOwned_InitialValue & @CRLF )
    ConsoleWrite ( "SpecVersion : " & $colItems.SpecVersion & @CRLF )
    ConsoleWrite ( "ManufacturerVersion : " & $colItems.ManufacturerVersion & @CRLF )
    ConsoleWrite ( "ManufacturerVersionInfo : " & $colItems.ManufacturerVersionInfo & @CRLF )
    ConsoleWrite ( "ManufacturerId : " & $colItems.ManufacturerId & @CRLF )
    ConsoleWrite ( "PhysicalPresenceVersionInfo : " & $colItems.PhysicalPresenceVersionInfo & @CRLF )
Next

Hi, I don't have TPM enabled and i am running Windows in a virtual machine. Anyway i narrowed your'e code a bit down and rewrote a little bit. Hope this works for you.

Today I found this old entry and I did want to try this script. It does not work any longer it seems.

$objWMIService looks empty -> Object No is written into the console.

Can anyone check and confirm?

Have there been some changes?

Thank you

mLipok · March 4, 2021

Take a look here:

blumi · March 4, 2021

I have found that one and read it.

It is too much code for what I really need.

Just want to connect to the wmi class and grab these values.

class Win32_Tpm
{
  boolean IsActivated_InitialValue;
  boolean IsEnabled_InitialValue;
  boolean IsOwned_InitialValue;
  string  SpecVersion;
  string  ManufacturerVersion;
  string  ManufacturerVersionInfo;
  uint32  ManufacturerId;
  string  PhysicalPresenceVersionInfo;
};

Quote

blumi · March 4, 2021

Just tried this, but it does not work.

#include <MsgBoxConstants.au3>

$ScriptName     = "TPM Status"



Opt ( 'MustDeclareVars', 1 )

Local $objWMIService, $colItem, $objItem        ; Declare
Local $strComputer = "."                        ; Local Computer

; WMI Object
$objWMIService = ObjGet("WinMgmts:{impersonationLevel=impersonate,AuthenticationLevel=pktprivacy}\\" & $strComputer & "\root\CIMV2\Security\MicrosoftTpm")

; WMI Object check.
If IsObj ( $objWMIService ) Then
    ConsoleWrite ( "Object YES" & @CRLF )   ; Debug console message
Else
    ConsoleWrite ( "Object NO" & @CRLF )
    Exit 1  ; Exit Script Object error / WMI MicrosoftTpm not found.
EndIf

water · March 4, 2021

Add a COM error handler to your script for more detailed error information. The help file describes in ObjEvent how to do.

blumi · March 4, 2021

I am no expert, not sure where to find what you mean.

Maybe one here can help me a little bit, as said I am no expert.

In my eyes the error handling is one of the biggest mistakes in autoit here is big room for improvements.

The stupid error message "variable used withouth being declacred in line 14123" for example helps nobody.

Melba23 · March 4, 2021

blumi,

Quote

The stupid error message "variable used withouth being declacred in line 14123" for example helps nobody.

On the contrary it is quite helpful - if you used Au3Stripper on your script before compiling. And if you ran your script through Au3Check you would probably find out that you had an undeclared variable before you compiled your script. Both of those utilities are included in the SciTE4AutoIt3 package, which also gives you lots of other useful aids to your AutoIt programming.

As to the proximate problem - you find a comprehensive example of COM error handling in the ObjEvent page of the Help file, as water told you above.

Finally if you do not like AutoIt then there are plenty of other languages out there for you to try.

M23

blumi · March 4, 2021

I did not say I don't like autoit and I could do some small helpfull scripts for me with it.

I don't like the error handling. I have read in other posts about Au3Check and Au3Stripper, and I did some tries with it.

But I don't know how to use it correct. May be here would be a tutorial very helpfull. May be one exists an I don't know.

Same with the Com error in the ObjEvent page, I don't know where to find, I searched in the help but can't find it.

For you here it is all so easy, cause you use autit very often. If you don't use it so often, it is nice to have a place where I can read thing again and again, so I don't have to ask here. 😉

water · March 4, 2021

Stripped down example from the help file (ObjEvent). Add your code after the frist line and you will get detailed information what goes wrong written to the console.

Local $oErrorHandler = ObjEvent("AutoIt.Error", "_ErrFunc")

; Your code goes here

; User's COM error function. Will be called if COM error occurs
Func _ErrFunc($oError)
    ; Do anything here.
    ConsoleWrite(@ScriptName & " (" & $oError.scriptline & ") : ==> COM Error intercepted !" & @CRLF & _
            @TAB & "err.number is: " & @TAB & @TAB & "0x" & Hex($oError.number) & @CRLF & _
            @TAB & "err.windescription:" & @TAB & $oError.windescription & @CRLF & _
            @TAB & "err.description is: " & @TAB & $oError.description & @CRLF & _
            @TAB & "err.source is: " & @TAB & @TAB & $oError.source & @CRLF & _
            @TAB & "err.helpfile is: " & @TAB & $oError.helpfile & @CRLF & _
            @TAB & "err.helpcontext is: " & @TAB & $oError.helpcontext & @CRLF & _
            @TAB & "err.lastdllerror is: " & @TAB & $oError.lastdllerror & @CRLF & _
            @TAB & "err.scriptline is: " & @TAB & $oError.scriptline & @CRLF & _
            @TAB & "err.retcode is: " & @TAB & "0x" & Hex($oError.retcode) & @CRLF & @CRLF)
EndFunc   ;==>_ErrFunc

blumi · March 4, 2021

Okay thank you. I will save this code and try it to use more often in other scripts.

Now I get some more details why it does not work, but I can't find out why it does not work.

TPM Status3.au3 (37) : ==> COM Error intercepted !
    err.number is:      0x80041003
    err.windescription: 
    err.description is:     
    err.source is:      
    err.helpfile is:    
    err.helpcontext is:     
    err.lastdllerror is:    0
    err.scriptline is:  37
    err.retcode is:     0x00000000

Any ideas?

water · March 4, 2021

Hresult 0x80041003 stands for "Access denied".

Google returns a lot of results when searching for "hresult 0x80041003 WMI" like https://social.technet.microsoft.com/Forums/ie/en-US/4e0b3b10-859c-43de-80b9-a8a480d6e432/unable-to-save-wmi-object-new-settings-0x80041003-acess-denied?forum=winserverManagement

Have a look at the Eventlog as well - you might get more details about this problem there.

Details about WMI can be found here: https://docs.microsoft.com/en-au/windows/win32/wmisdk/wmi-start-page

The forum returns something like this:

Edited March 4, 2021 by water

ripdad · March 5, 2021

Try #RequireAdmin at the top of your script.

blumi · March 5, 2021

#RequireAdmin was used.

If found another solution for the command line

wmic /namespace:\\root\CIMV2\Security\MicrosoftTpm path Win32_ Tpm get /value

With this it works fine and I got what I want. 😉

Sign In

TPM status with wmi

Recommended Posts

blumi

pluto41

blumi

blumi

blumi

mLipok

blumi

blumi

water

blumi

Melba23

blumi

water

blumi

water

ripdad

blumi

Create an account or sign in to comment

Create an account

Sign in

Similar Content

WMI on Libre/Open Hardware Monitor

Printers Management UDF 1 2 3 4 7

Reading time from local machine using WMI

WMI in Autoit - (Moved) 1 2

WMIC Issue

Browse

AutoIt Resources

Release

Beta