SCCM 2012 – Testing for Dell TPM Activation in a Task Sequence

We want our task sequences to fail as early as possible if there’s going to be a problem. One thing we’ve noticed is that if the TPM fails to activate, the task sequence will eventually fail on the ‘Enable BitLocker’ step. What ends up happening is that the TS fails, reboots, and the system looks completely normal except that BitLocker isn’t enabled. Our help desk ended up sending out a few machines like this, which had to be found and encrypted after the fact.

Here’s how to test for TPM activation and fail the task sequence.

  1. Create a CCTK Package using the instructions on my previous post: SCCM 2012 – Architecture Agnostic Dell CCTK WinPE Bios Package.
  2. Using the same instructions, create a TS action to install the Dell HAPI drivers.
  3. Optionally, use the instructions on my previous post to create a generic bios settings template: SCCM 2012 – Generic Multi-Platform Dell CCTK BIOS Settings.
  4. Save the following file as ‘check-tpmactivation.vbs’ in your dell-cctk package.
    'Usage:
    '  no argument         : fail the task sequence (exit code 1) if the TPM is deactivated
    '  argument 'warnonly' : show a warning if the TPM is deactivated, but exit 0
    Dim bWarnOnly, bArgOK, mainArg, iExitcode
    iExitcode = 0
    bArgOK = vbFalse
    bWarnOnly = vbFalse
    If WScript.Arguments.Count = 1 Then
    	mainArg = WScript.Arguments(0)
    	If LCase(mainArg) = "warnonly" Then
    		bArgOK = vbTrue
    		bWarnOnly = vbTrue
    	End If
    ElseIf WScript.Arguments.Count = 0 Then
    	bArgOK = vbTrue
    	bWarnOnly = vbFalse
    Else
    	bArgOK = vbFalse
    End If
    
    Dim msg, cmd, text, objShell, strPath, action, fso, file, q
    q = Chr(34) 'double quote, used to quote paths that may contain spaces
    If bArgOK = vbTrue Then
    	Set objShell = CreateObject("Wscript.Shell")
    	strPath = objShell.CurrentDirectory
    
    	'run cctk hidden and capture its output in tpmout.txt
    	'ref: http://stackoverflow.com/questions/5690134/running-command-line-silently-with-vbscript-and-getting-output
    	'the outer pair of quotes is stripped by cmd /c, leaving both paths quoted
    	cmd = "cmd /c " & q & q & strPath & "\cctk.cmd" & q & " --tpmactivation > " & q & strPath & "\tpmout.txt" & q & q
    	'wscript.echo cmd
    	action = objShell.Run(cmd, 0, True)
    
    	'parse result
    	Set fso  = CreateObject("Scripting.FileSystemObject")
    	Set file = fso.OpenTextFile((strPath & "\tpmout.txt"), 1)
    	text = file.ReadAll
    	file.Close
    
    	'if 'deactivated' (any letter case) then act
    	If InStr(1, text, "deactivated", vbTextCompare) > 0 Then
    		If bWarnOnly = True Then
    			msg = "Warning! This system's TPM is deactivated. The task sequence will now attempt to enable the TPM then reboot. If this attempt fails, the task sequence will fail. I recommend entering the BIOS after clicking OK and enabling the TPM manually."
    			msgbox msg
    			iExitcode = 0
    		Else
    			msg = "Warning! This task sequence is failing because the TPM is deactivated and the task sequence was not able to enable it automatically."
    			msgbox msg
    			iExitcode = 1
    		End If
    	End If
    Else
    	'unrecognised or too many arguments: report it and fail the step
    	msg = "Arguments invalid."
    	WScript.Echo msg
    	iExitcode = 1
    End If
    
    WScript.Quit iExitcode
  5. Create a ‘run command-line’ action after the Install HAPI Drivers action, linked to the dell-cctk package, with the following command.
    check-tpmactivation.vbs

Now, the task sequence will throw a message box if the TPM is deactivated, and fail the task sequence. I recommend duplicating this task sequence action and placing one of the duplicates before your automated attempt to enable the TPM, with the following modified command:

check-tpmactivation.vbs warnonly

This will throw a different message box suggesting that the user manually check the BIOS setting during the next reboot.
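
check-tpmactivation.vbs exits 0 whenever the word "deactivated" is absent from the captured output, which includes the case where cctk printed an error instead of a TPM state. The following is an added example, not part of the original script, of a fail-closed classification; the function names, the exit code 2 and the sample strings are assumptions, since the post does not show the exact text cctk prints.

```vbscript
Option Explicit

' Classify captured "cctk --tpmactivation" output.
' "deactivated" is tested first because it contains "activated" as a substring.
Function ClassifyTpmOutput(text)
	Dim lowered
	lowered = LCase(text)
	If InStr(lowered, "deactivated") > 0 Then
		ClassifyTpmOutput = "deactivated"
	ElseIf InStr(lowered, "activated") > 0 Then
		ClassifyTpmOutput = "activated"
	Else
		ClassifyTpmOutput = "unknown"
	End If
End Function

' Map a state to the exit code the task sequence step receives.
Function ExitCodeFor(state, warnOnly)
	Select Case state
		Case "activated"
			ExitCodeFor = 0
		Case "deactivated"
			If warnOnly Then ExitCodeFor = 0 Else ExitCodeFor = 1
		Case Else
			ExitCodeFor = 2 ' no readable state: fail even in warnonly mode (choice made for this example)
	End Select
End Function

' Return the file's text, or "" when the file is missing or empty.
Function ReadCapturedOutput(path)
	Dim fso, file
	Set fso = CreateObject("Scripting.FileSystemObject")
	ReadCapturedOutput = ""
	If Not fso.FileExists(path) Then Exit Function
	Set file = fso.OpenTextFile(path, 1)
	If Not file.AtEndOfStream Then ReadCapturedOutput = file.ReadAll
	file.Close
End Function

' Constructed sample outputs (assumed wording, not real cctk messages).
Dim samples, s, state
samples = Array("tpmactivation=activated", "tpmactivation=deactivated", "Error: driver not loaded")
For Each s In samples
	state = ClassifyTpmOutput(s)
	WScript.Echo s & " -> " & state & ", exit code " & ExitCodeFor(state, False)
Next
state = ClassifyTpmOutput(ReadCapturedOutput("no-such-tpmout.txt"))
WScript.Echo "missing file -> " & state & ", exit code " & ExitCodeFor(state, True)
```

Run it with cscript.exe to see the four results on the console; before relying on the "activated" match, compare it against the text your cctk version actually writes to tpmout.txt.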

Have fun!
