Thursday, October 17, 2013

Enabling TPM on HP machines using SCCM 2012

To enable the TPM on HP machines, HP provides a tool, the BIOS Configuration Utility, that modifies BIOS settings from within Windows. Before modifying any values, first export the current BIOS settings with the following command:
BiosConfigUtility.exe /getconfig:filename.txt

After reviewing the exported file, add the values you want to modify to a new file.
For example, to activate the TPM on an HP ProBook 6565b, use these values:

English
OS Management of TPM
    Disable
    *Enable
Embedded Security Activation Policy
    F1 to Boot
    Allow user to reject
    *No prompts
Activate Embedded Security On Next Boot
    Disable
    *Enable
 

The next step is to run the command that activates the TPM on the specified model. Note that a BIOS password must be enabled for this step.
Here is the command:
biosconfigutility.exe /CurSetupPassword:"password" /setconfig:EnableTPM.REPSET

This command can be added to a cmd file which, together with EnableTPM.txt, can be added to an SCCM package that can later be executed in a Task Sequence.


If you need to verify whether the TPM is enabled in the BIOS, this WMI query can be used:


SELECT * FROM Win32_Tpm where IsEnabled_InitialValue="False"

This query applies to the following WMI namespace:
root\cimv2\Security\MicrosoftTpm

This query can be placed in the Task Sequence.
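
The check and the BIOS change described above can also be combined in one script step. This is an added example, not code from the original post: it reads Win32_Tpm from the namespace above, skips the change when the TPM is already enabled and activated, and takes the setup password from a task sequence variable rather than a cmd file in the package. The variable name BiosSetupPwd and the file layout are assumptions.

```powershell
# Added example, not from the original post.
# Assumptions: task sequence variable 'BiosSetupPwd' (hypothetical name) holds the
# BIOS setup password; BiosConfigUtility.exe and EnableTPM.REPSET sit beside this script.
$Namespace = 'root\cimv2\Security\MicrosoftTpm'

function Get-TpmState {
    # Missing  : no Win32_Tpm instance (TPM absent or not exposed to Windows)
    # Disabled : IsEnabled_InitialValue is False (what the post's WQL query matches)
    # Inactive : enabled but not yet activated
    # Ready    : enabled and activated
    try {
        $tpm = Get-WmiObject -Namespace $Namespace -Class Win32_Tpm -ErrorAction Stop
    } catch {
        return 'Missing'
    }
    if (-not $tpm) { return 'Missing' }
    if (-not $tpm.IsEnabled_InitialValue) { return 'Disabled' }
    if (-not $tpm.IsActivated_InitialValue) { return 'Inactive' }
    return 'Ready'
}

$state = Get-TpmState
Write-Output "TPM state before change: $state"
if ($state -eq 'Ready') { exit 0 }   # already enabled and activated: leave the BIOS alone

# Take the password from the task sequence environment, not from a file in the package.
try {
    $tsEnv = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Stop
    $biosPwd = $tsEnv.Value('BiosSetupPwd')
} catch {
    Write-Error 'Task sequence environment not available; not changing the BIOS.'
    exit 1
}
if ([string]::IsNullOrEmpty($biosPwd)) {
    Write-Error 'BiosSetupPwd is not set; not changing the BIOS.'
    exit 1
}

# Same command as in the post, run from the package directory.
Set-Location (Split-Path -Parent $MyInvocation.MyCommand.Path)
& .\BiosConfigUtility.exe "/CurSetupPassword:$biosPwd" '/setconfig:EnableTPM.REPSET'
$rc = $LASTEXITCODE
Write-Output "BiosConfigUtility exit code: $rc (settings take effect on next boot)"
exit $rc
```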


 

1 comment:

  1. So this means if the value is false it will not check if the TPM is enabled?
