
Posted

I found a website where it is explained how to use WMI to check the TPM status of the TPM security chip.

http://windowsitpro.com/security/checking-status-trusted-platform-module-command-line

I tried this with autoit, but had no success.

Is there anyone here who can give me a little support?

Thanks

#include <Array.au3>

$ScriptName     = "TPM Status"

Dim $sResult
$strComputer = "lapxxx"

$objWMIService = ObjGet("wmic /namespace:\\.\root\cimv2\security\microsofttpm")
;$objWMIService = ObjGet("wmic /namespace:\\" & $strComputer & "\root\cimv2\security\microsofttpm")
;$objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & $strComputer & "\root\cimv2")
$colItems = $objWMIService.InstancesOf("Select * from Win32_Tpm")

For $objItem In $colItems
    $IsActivated = $objItem.IsActivated_InitialValue
    $IsEnabled = $objItem.IsEnabled_InitialValue

    MsgBox(0, $ScriptName,  "IsActivated: " & $IsActivated & @CRLF & _
                                                    "IsEnabled: " & $IsEnabled & @CRLF & _
                                                    "x: " )
Next




$oMTpm = ObjGet("winmgmts:\\.\root\cimv2\Security\MicrosoftTpm")
$oCol = $oMTpm.InstancesOf("Win32_Tpm")


For $oObj In $oCol

    ConsoleWrite($oObj.IsActivated_InitialValue & @CRLF)
    ConsoleWrite($oObj.IsEnabled_InitialValue & @CRLF)
    ConsoleWrite($oObj.IsOwned_InitialValue & @CRLF)
    ConsoleWrite($oObj.SpecVersion & @CRLF)
    ConsoleWrite($oObj.ManufacturerVersion & @CRLF)
    ConsoleWrite($oObj.ManufacturerVersionInfo & @CRLF)
    ConsoleWrite($oObj.ManufacturerId & @CRLF)
    ConsoleWrite($oObj.PhysicalPresenceVersionInfo & @CRLF)

Next

 

 

Posted
; TPM Security Info

Opt ( 'MustDeclareVars', 1 )

Local $objWMIService, $colItem, $objItem        ; Declare
Local $strComputer = "."                        ; Local Computer

; WMI Object
$objWMIService = ObjGet ( "WinMgmts:{impersonationLevel=impersonate,AuthenticationLevel=pktprivacy}//" & $strComputer & "\root\CIMV2\Security\MicrosoftTpm" )

; WMI Object check.
If IsObj ( $objWMIService ) Then
    ConsoleWrite ( "Object YES" & @CRLF )   ; Debug console message
Else
    ConsoleWrite ( "Object NO" & @CRLF )
    Exit 1  ; Exit Script Object error / WMI MicrosoftTpm not found.
EndIf

$objItem = $objWMIService.InstancesOf ( "Win32_Tpm" )

For $colItems In $objItem
    ConsoleWrite ( "IsActivated : " & $colItems.IsActivated_InitialValue & @CRLF )
    ConsoleWrite ( "IsEnabled : " & $colItems.IsEnabled_InitialValue & @CRLF )
    ConsoleWrite ( "IsOwned : " & $colItems.IsOwned_InitialValue & @CRLF )
    ConsoleWrite ( "SpecVersion : " & $colItems.SpecVersion & @CRLF )
    ConsoleWrite ( "ManufacturerVersion : " & $colItems.ManufacturerVersion & @CRLF )
    ConsoleWrite ( "ManufacturerVersionInfo : " & $colItems.ManufacturerVersionInfo & @CRLF )
    ConsoleWrite ( "ManufacturerId : " & $colItems.ManufacturerId & @CRLF )
    ConsoleWrite ( "PhysicalPresenceVersionInfo : " & $colItems.PhysicalPresenceVersionInfo & @CRLF )
Next

Hi, I don't have TPM enabled and I am running Windows in a virtual machine. Anyway, I narrowed your code down a bit and rewrote it a little. Hope this works for you.

Posted

One more question about the ManufacturerId.

How do I convert it from the ID to text?

 

Found this about it.

Data type: uint32
Access type: Read-only
ManufacturerId

The identifying information that uniquely names the TPM manufacturer.

When the data is unavailable, zero is returned.

This integer value can be translated to a string value by interpreting each byte as an ASCII character. For example, an integer value of 1414548736 can be divided into these 4 bytes: 0x54, 0x50, 0x4D, and 0x00. Assuming the string is interpreted from left to right, this integer value translated to a string value of "TPM".
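
The byte-by-byte translation described in the quoted documentation, as an added AutoIt example that is not part of the original thread. The helper `_TpmIdToString` and the handler `_ComErr` are hypothetical names, and the second sample value is constructed; the live query assumes the local `MicrosoftTpm` namespace is readable by the calling process.

```autoit
Opt('MustDeclareVars', 1)

; Report COM/WMI failures (for example 0x80041003, access denied) on the console
Global $g_oComErr = ObjEvent("AutoIt.Error", "_ComErr")

; Value from the documentation quoted above: bytes 0x54 0x50 0x4D 0x00
ConsoleWrite(_TpmIdToString(1414548736) & @CRLF)
; Constructed sample value: bytes 0x49 0x46 0x58 0x00
ConsoleWrite(_TpmIdToString(0x49465800) & @CRLF)

; Live value from the local TPM
Local $oNs = ObjGet("winmgmts:\\.\root\cimv2\Security\MicrosoftTpm")
If IsObj($oNs) Then
    Local $oTpms = $oNs.InstancesOf("Win32_Tpm")
    If IsObj($oTpms) Then
        For $oTpm In $oTpms
            ConsoleWrite("ManufacturerId : " & $oTpm.ManufacturerId & " -> " & _
                    _TpmIdToString($oTpm.ManufacturerId) & @CRLF)
        Next
    EndIf
Else
    ConsoleWrite("MicrosoftTpm namespace could not be opened" & @CRLF)
EndIf

; Hypothetical helper: turn the uint32 into its (up to 4) ASCII characters
Func _TpmIdToString($iId)
    If $iId = 0 Then Return ""    ; zero means the data is unavailable
    ; Int() first so Hex() always receives an integer, not a floating-point value
    Local $sHex = Hex(Int($iId), 8)    ; 8 hex digits, most significant byte first
    Local $sText = "", $iByte
    For $i = 1 To 7 Step 2
        $iByte = Dec(StringMid($sHex, $i, 2))
        If $iByte = 0 Then ExitLoop    ; NUL padding ends the name
        ; Printable ASCII only; anything else is shown as "?"
        $sText &= (($iByte >= 32 And $iByte <= 126) ? Chr($iByte) : "?")
    Next
    Return StringStripWS($sText, 2)    ; 2 = strip trailing whitespace padding
EndFunc   ;==>_TpmIdToString

; Hypothetical COM error handler, reduced to the two fields needed here
Func _ComErr($oError)
    ConsoleWrite("COM error 0x" & Hex($oError.number) & " in line " & $oError.scriptline & @CRLF)
EndFunc   ;==>_ComErr
```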

 

  • 4 years later...
Posted
  On 8/5/2016 at 3:20 PM, pluto41 said:
; TPM Security Info

Opt ( 'MustDeclareVars', 1 )

Local $objWMIService, $colItem, $objItem        ; Declare
Local $strComputer = "."                        ; Local Computer

; WMI Object
$objWMIService = ObjGet ( "WinMgmts:{impersonationLevel=impersonate,AuthenticationLevel=pktprivacy}//" & $strComputer & "\root\CIMV2\Security\MicrosoftTpm" )

; WMI Object check.
If IsObj ( $objWMIService ) Then
    ConsoleWrite ( "Object YES" & @CRLF )   ; Debug console message
Else
    ConsoleWrite ( "Object NO" & @CRLF )
    Exit 1  ; Exit Script Object error / WMI MicrosoftTpm not found.
EndIf

$objItem = $objWMIService.InstancesOf ( "Win32_Tpm" )

For $colItems In $objItem
    ConsoleWrite ( "IsActivated : " & $colItems.IsActivated_InitialValue & @CRLF )
    ConsoleWrite ( "IsEnabled : " & $colItems.IsEnabled_InitialValue & @CRLF )
    ConsoleWrite ( "IsOwned : " & $colItems.IsOwned_InitialValue & @CRLF )
    ConsoleWrite ( "SpecVersion : " & $colItems.SpecVersion & @CRLF )
    ConsoleWrite ( "ManufacturerVersion : " & $colItems.ManufacturerVersion & @CRLF )
    ConsoleWrite ( "ManufacturerVersionInfo : " & $colItems.ManufacturerVersionInfo & @CRLF )
    ConsoleWrite ( "ManufacturerId : " & $colItems.ManufacturerId & @CRLF )
    ConsoleWrite ( "PhysicalPresenceVersionInfo : " & $colItems.PhysicalPresenceVersionInfo & @CRLF )
Next

Hi, I don't have TPM enabled and I am running Windows in a virtual machine. Anyway, I narrowed your code down a bit and rewrote it a little. Hope this works for you.

Today I found this old entry and wanted to try this script. It seems it does not work any longer.

$objWMIService looks empty -> Object No is written into the console. 

Can anyone check and confirm?

Have there been some changes?

Thank you

 

Posted

Take a look here:

 


Posted

I have found that one and read it. 

It is too much code for what I really need. 

Just want to connect to the wmi class and grab these values.

class Win32_Tpm
{
  boolean IsActivated_InitialValue;
  boolean IsEnabled_InitialValue;
  boolean IsOwned_InitialValue;
  string  SpecVersion;
  string  ManufacturerVersion;
  string  ManufacturerVersionInfo;
  uint32  ManufacturerId;
  string  PhysicalPresenceVersionInfo;
};

 

Posted

Just tried this, but it does not work. 

#include <MsgBoxConstants.au3>

$ScriptName     = "TPM Status"



Opt ( 'MustDeclareVars', 1 )

Local $objWMIService, $colItem, $objItem        ; Declare
Local $strComputer = "."                        ; Local Computer

; WMI Object
$objWMIService = ObjGet("WinMgmts:{impersonationLevel=impersonate,AuthenticationLevel=pktprivacy}\\" & $strComputer & "\root\CIMV2\Security\MicrosoftTpm")

; WMI Object check.
If IsObj ( $objWMIService ) Then
    ConsoleWrite ( "Object YES" & @CRLF )   ; Debug console message
Else
    ConsoleWrite ( "Object NO" & @CRLF )
    Exit 1  ; Exit Script Object error / WMI MicrosoftTpm not found.
EndIf

 

Posted

Add a COM error handler to your script for more detailed error information. The help file describes how to do this under ObjEvent.

 

Posted

I am no expert, not sure where to find what you mean. 

Maybe someone here can help me a little bit; as I said, I am no expert.

In my eyes the error handling is one of the biggest mistakes in AutoIt; here there is big room for improvement.

The stupid error message "variable used without being declared in line 14123" for example helps nobody.

Posted

blumi,

  Quote

The stupid error message "variable used without being declared in line 14123" for example helps nobody.

On the contrary it is quite helpful - if you used Au3Stripper on your script before compiling. And if you ran your script through Au3Check you would probably find out that you had an undeclared variable before you compiled your script. Both of those utilities are included in the SciTE4AutoIt3 package, which also gives you lots of other useful aids to your AutoIt programming.

As to the proximate problem - you will find a comprehensive example of COM error handling in the ObjEvent page of the Help file, as water told you above.

Finally if you do not like AutoIt then there are plenty of other languages out there for you to try.

M23

 


 

Posted

I did not say I don't like AutoIt, and I could do some small helpful scripts for myself with it.

I don't like the error handling. I have read in other posts about Au3Check and Au3Stripper, and I did some tries with them.

But I don't know how to use them correctly. Maybe a tutorial would be very helpful here. Maybe one exists and I don't know about it.

Same with the COM error in the ObjEvent page: I don't know where to find it; I searched in the help but can't find it.

For you here it is all so easy, because you use AutoIt very often. If you don't use it so often, it is nice to have a place where I can read things again and again, so I don't have to ask here. 😉

Posted

Stripped down example from the help file (ObjEvent). Add your code after the first line and you will get detailed information about what goes wrong written to the console.

Local $oErrorHandler = ObjEvent("AutoIt.Error", "_ErrFunc")

; Your code goes here

; User's COM error function. Will be called if COM error occurs
Func _ErrFunc($oError)
    ; Do anything here.
    ConsoleWrite(@ScriptName & " (" & $oError.scriptline & ") : ==> COM Error intercepted !" & @CRLF & _
            @TAB & "err.number is: " & @TAB & @TAB & "0x" & Hex($oError.number) & @CRLF & _
            @TAB & "err.windescription:" & @TAB & $oError.windescription & @CRLF & _
            @TAB & "err.description is: " & @TAB & $oError.description & @CRLF & _
            @TAB & "err.source is: " & @TAB & @TAB & $oError.source & @CRLF & _
            @TAB & "err.helpfile is: " & @TAB & $oError.helpfile & @CRLF & _
            @TAB & "err.helpcontext is: " & @TAB & $oError.helpcontext & @CRLF & _
            @TAB & "err.lastdllerror is: " & @TAB & $oError.lastdllerror & @CRLF & _
            @TAB & "err.scriptline is: " & @TAB & $oError.scriptline & @CRLF & _
            @TAB & "err.retcode is: " & @TAB & "0x" & Hex($oError.retcode) & @CRLF & @CRLF)
EndFunc   ;==>_ErrFunc


 

Posted

Okay, thank you. I will save this code and try to use it more often in other scripts.

Now I get some more details why it does not work, but I can't find out why it does not work.

TPM Status3.au3 (37) : ==> COM Error intercepted !
    err.number is:      0x80041003
    err.windescription: 
    err.description is:     
    err.source is:      
    err.helpfile is:    
    err.helpcontext is:     
    err.lastdllerror is:    0
    err.scriptline is:  37
    err.retcode is:     0x00000000

Any ideas?

Posted (edited)

Hresult 0x80041003 stands for "Access denied".

Google returns a lot of results when searching for "hresult 0x80041003 WMI" like https://social.technet.microsoft.com/Forums/ie/en-US/4e0b3b10-859c-43de-80b9-a8a480d6e432/unable-to-save-wmi-object-new-settings-0x80041003-acess-denied?forum=winserverManagement

Have a look at the Eventlog as well - you might get more details about this problem there.

Details about WMI can be found here: https://docs.microsoft.com/en-au/windows/win32/wmisdk/wmi-start-page

The forum returns something like this:

 

Edited by water


 

Posted

Try #RequireAdmin at the top of your script.

 


Posted

#RequireAdmin was used. 

I found another solution for the command line

wmic /namespace:\\root\CIMV2\Security\MicrosoftTpm path Win32_Tpm get /value

With this it works fine and I got what I want. 😉
