as you are getting your systems ready for BitLocker deployments you’ll probably at some stage want to know if the TPM chip is enabled or disabled in the bios, to do this in WinPE involves the following,
create a Run Command Line step called Load TPM WinPE driver with the following command line:
drvload x:\windows\inf\tpm.inf
this is needed to interrogate the tpm chip via a wmi call coming next
next create two new groups in your task sequence, one called TPM Enabled in Bios and the other TPM Disabled in Bios,
The TPM Enabled in Bios group needs to have the following WMI query set in the options Tab
WMI Namespace: root\cimv2\Security\MicrosoftTPM
WQL Query: Select * FROM Win32_TPM
and for the TPM Disabled in Bios group we have the following set on the options tab:-
This group/step will run if the following conditions are met:
if None of the conditions is true
WMI Namespace: root\cimv2\Security\MicrosoftTPM
WQL Query: Select * FROM Win32_TPM
you can place whatever commands you wish in those groups (for example Suspend BitLocker) once you’ve identified the chip is enabled or not,
that’s it, happy BitLockering
